[ros-dev] Re: [ros-svn] [ion] 16728: - Don't try to get the length of a possibly empty string. This fixes many menu applications (such as WinRAR). However I'm now getting a bug due to a double-free. It seems a GDI Object is being freed twice. Can anyone check this out please?

[Robert Köpferl]

How about blockers?
When is it time for the next Release Candidate.
I can't figure out when it's time because I don't find into bugzilla 
anymore.. (as the site is down)


Alex Ionescu wrote:
> ion at svn.reactos.com wrote:
> 
>> - Don't try to get the length of a possibly empty string. This fixes 
>> many menu applications (such as WinRAR). However I'm now getting a bug 
>> due to a double-free. It seems a GDI Object is being freed twice. Can 
>> anyone check this out please?
>>
>>  
>>
> With the combination of this patch + Hartmut's patch + DBG = 0 build 
> (and/or disabling RZ detection), Winrar runs fine again. However, 
> pressing OK in the dialog bug causes a crash in 
> RtlFreeUnicodeString->RtlpFreeMemory->ExFreePool. It seems the buffer is 
> invalid. So it looks like two things have to be fixed for Winrar and 
> other apps to work fine (Windows Commander does work now):
> 
> 1) Stop the GDI Object from being freed twice. This will fix the first 
> bugcheck and allow Winrar to work in DBG = 1 with RZ enabled. Disabling 
> RZ is only a hack and shouldn't be used a solution. The stack trace 
> ships the double-free routine pretty well, but I'm not well versed in 
> win32k to fix this.
> 
> 2) Find out why we are RtlFreeUnicodestring-ing what seems to be an 
> invalid pointer.
> 
> I think if we can fix these two issues we'll have many more apps working 
> again!
> I've tested Winrar 3.50 b7, btw.
> 
> Best regards,
> Alex Ionescu
> _______________________________________________
> Ros-dev mailing list
> Ros-dev at reactos.com
> http://reactos.com:8080/mailman/listinfo/ros-dev
>