From 91f17adf01e54302b0c8d86df5627214f0bdf5d0 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@your-file-system.com>
Date: Fri, 20 Jul 2012 01:00:38 -0400
Subject: [PATCH] Windows: avoid memory overrun during extent release

While tearing down extents, if an extent is found to be in use
it will be skipped.  Must use 'ulReleaseCount' as the index
into the released extent array.

Change-Id: Iaf8a82c77ac8f4ddb30b35f43a4ce7a70f4a32a8
Reviewed-on: http://gerrit.openafs.org/7796
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
---
 .../afsrdr/kernel/lib/AFSExtentsSupport.cpp   | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/WINNT/afsrdr/kernel/lib/AFSExtentsSupport.cpp b/src/WINNT/afsrdr/kernel/lib/AFSExtentsSupport.cpp
index 83d2986fa..1c2373680 100644
--- a/src/WINNT/afsrdr/kernel/lib/AFSExtentsSupport.cpp
+++ b/src/WINNT/afsrdr/kernel/lib/AFSExtentsSupport.cpp
@@ -236,16 +236,14 @@ AFSTearDownFcbExtents( IN AFSFcb *Fcb,
                 if( pEntry->ActiveCount == 0)
                 {
 
-                    ulReleaseCount++;
-
-                    pRelease->FileExtents[ulProcessCount].Flags = AFS_EXTENT_FLAG_RELEASE;
+                    pRelease->FileExtents[ulReleaseCount].Flags = AFS_EXTENT_FLAG_RELEASE;
 
 #if GEN_MD5
-                    RtlCopyMemory( pRelease->FileExtents[ulProcessCount].MD5,
+                    RtlCopyMemory( pRelease->FileExtents[ulReleaseCount].MD5,
                                    pEntry->MD5,
                                    sizeof(pEntry->MD5));
 
-                    pRelease->FileExtents[ulProcessCount].Flags |= AFS_EXTENT_FLAG_MD5_SET;
+                    pRelease->FileExtents[ulReleaseCount].Flags |= AFS_EXTENT_FLAG_MD5_SET;
 #endif
 
                     if( BooleanFlagOn( pEntry->Flags, AFS_EXTENT_DIRTY))
@@ -256,7 +254,7 @@ AFSTearDownFcbExtents( IN AFSFcb *Fcb,
                         AFSRemoveEntryDirtyList( Fcb,
                                                  pEntry);
 
-                        pRelease->FileExtents[ulProcessCount].Flags |= AFS_EXTENT_FLAG_DIRTY;
+                        pRelease->FileExtents[ulReleaseCount].Flags |= AFS_EXTENT_FLAG_DIRTY;
 
                         dirtyCount = InterlockedDecrement( &Fcb->Specific.File.ExtentsDirtyCount);
 
@@ -275,11 +273,13 @@ AFSTearDownFcbExtents( IN AFSFcb *Fcb,
                                   pEntry->FileOffset.LowPart,
                                   pEntry->Size);
 
-                    pRelease->FileExtents[ulProcessCount].Length = pEntry->Size;
-                    pRelease->FileExtents[ulProcessCount].DirtyLength = pEntry->Size;
-                    pRelease->FileExtents[ulProcessCount].DirtyOffset = 0;
-                    pRelease->FileExtents[ulProcessCount].CacheOffset = pEntry->CacheOffset;
-                    pRelease->FileExtents[ulProcessCount].FileOffset = pEntry->FileOffset;
+                    pRelease->FileExtents[ulReleaseCount].Length = pEntry->Size;
+                    pRelease->FileExtents[ulReleaseCount].DirtyLength = pEntry->Size;
+                    pRelease->FileExtents[ulReleaseCount].DirtyOffset = 0;
+                    pRelease->FileExtents[ulReleaseCount].CacheOffset = pEntry->CacheOffset;
+                    pRelease->FileExtents[ulReleaseCount].FileOffset = pEntry->FileOffset;
+
+                    ulReleaseCount++;
 
                     AFSFreeExtent( Fcb,
                                    pEntry);
-- 
2.39.5