#18187 closed defect (fixed)
Mismatched pool allocation/free in VBoxGuest.sys in 6.0 RC1 => fixed in svn
| Reported by: | Thomas Faber | Owned by: | |
|---|---|---|---|
| Component: | guest additions | Version: | |
| Keywords: | | Cc: | |
| Guest type: | Windows | Host type: | all |
Description
VBoxGuest.sys calls ExAllocatePoolWithTag(..., 'TRPI') on an allocation that was made with an ExAllocatePool() call.
This happens in rtR0InitNative, where RTR0DbgKrnlInfoOpen is called before g_pfnrtExAllocatePoolWithTag is initialized. Therefore the object will be allocated with ExAllocatePool (tracked by Windows as tag "None"). The RTR0DbgKrnlInfoRelease call that follows happens after g_pfnrtExFreePoolWithTag is initialized, however, and therefore causes a mismatch.
This should result in a BAD_POOL_CALLER bug check when using a checked build of Windows. It also reproduces in ReactOS (downstream bug https://jira.reactos.org/browse/CORE-15446), and produces log output like the following:
```
(ntoskrnl/mm/ARM3/expool.c:2530) Freeing pool - invalid tag specified: IPRT != None
*** Fatal System Error: 0x000000c2
(0x0000000A,0xB6B08BD8,0x656E6F4E,0x54525049)
[7h
Entered debugger on embedded INT3 at 0x0008:0x809543a4.
kdb:> bt
Eip:
<ntoskrnl.exe:1543a5 (:0 (RtlpBreakWithStatusInstruction))>
Frames:
<ntoskrnl.exe:8c47d (ntoskrnl/ke/bug.c:1100 (KeBugCheckWithTf))>
<ntoskrnl.exe:8ca54 (ntoskrnl/ke/bug.c:1456 (KeBugCheckEx))>
<ntoskrnl.exe:ab8c2 (ntoskrnl/mm/ARM3/expool.c:2531 (ExFreePoolWithTag))>
<VBoxGuest.sys:153f5 (src/VBox/Runtime/r0drv/nt/alloc-r0drv-nt.cpp:80 (rtR0MemFree))>
<VBoxGuest.sys:d496 (src/VBox/Runtime/r0drv/alloc-r0drv.cpp:108 (RTMemTmpFree))>
<VBoxGuest.sys:fd27 (src/VBox/Runtime/r0drv/nt/dbgkrnlinfo-r0drv-nt.cpp:594 (RTR0DbgKrnlInfoRelease))>
<VBoxGuest.sys:15e95 (src/VBox/Runtime/r0drv/nt/initterm-r0drv-nt.cpp:345 (rtR0InitNative))>
<VBoxGuest.sys:d29c (src/VBox/Runtime/r0drv/initterm-r0drv.cpp:88 (RTR0Init))>
<ntoskrnl.exe:63cd4 (ntoskrnl/io/iomgr/driver.c:1587 (IopCreateDriver))>
```
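The ordering problem described above, as an added example that is not part of the original ticket and not VirtualBox code: a user-mode C model of a tag-checking pool in which the tagged API becomes available between the allocation and the free. All function and variable names are hypothetical; the two tag values are the ones shown in the bug check parameters. `init_fixed` shows one consistent ordering, not necessarily the change committed upstream.

```c
#include <stdlib.h>

#define TAG_NONE 0x656E6F4Eu /* 'None': tag recorded for an untagged allocation */
#define TAG_IPRT 0x54525049u /* 'IPRT': tag passed on the tagged path */

/* Model pool header: every block remembers the tag it was allocated with. */
typedef struct { unsigned tag; unsigned pad[3]; } pool_hdr;

static void *pool_alloc(size_t cb, unsigned tag) {
    pool_hdr *h = malloc(sizeof *h + cb);
    if (!h) return NULL;
    h->tag = tag;
    return h + 1;
}

/* Returns 0 on success, -1 where a tag-checking kernel would raise 0xC2. */
static int pool_free(void *pv, unsigned tag) {
    pool_hdr *h = (pool_hdr *)pv - 1;
    int rc = (h->tag == tag) ? 0 : -1;
    free(h);
    return rc;
}

/* Stands in for the lazily resolved tagged alloc/free function pointers
   (assumption: both become available at the same point during init). */
static int g_tagged_ready;

static void *mem_alloc(size_t cb) {
    return pool_alloc(cb, g_tagged_ready ? TAG_IPRT : TAG_NONE);
}
static int mem_free(void *pv) {
    return pool_free(pv, g_tagged_ready ? TAG_IPRT : TAG_NONE);
}

/* Ordering from the report: allocate, resolve the tagged API, then free. */
int init_buggy(void) {
    g_tagged_ready = 0;
    void *p = mem_alloc(32);      /* recorded as 'None' */
    if (!p) return -2;
    g_tagged_ready = 1;           /* tagged API resolved in between */
    return mem_free(p);           /* freed as 'IPRT': mismatch */
}

/* Consistent ordering: resolve first, so alloc and free use the same tag. */
int init_fixed(void) {
    g_tagged_ready = 1;
    void *p = mem_alloc(32);
    if (!p) return -2;
    return mem_free(p);
}
```
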
Attachments (1)
Change History (12)
comment:1 by , 6 years ago
| Summary: | Mismatched pool allocation/free in VBoxGuest.sys in 6.0 RC1 → Mismatched pool allocation/free in VBoxGuest.sys in 6.0 RC1 => fixed in svn |
|---|
by , 5 years ago
| Attachment: | howtoreproduce.PNG added |
|---|
comment:5 by , 5 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |


Thanks a lot for pointing directly to the problem. I've committed a fix to trunk and 6.0. Will be shipped in the next 6.0.x release, and any test build additions with revision number 128657 or higher.