Is this a bug?

[acoma]

I confused with this code:

LONG
FASTCALL
ObDereferenceObjectEx(IN PVOID Object,
IN LONG Count)
{
POBJECT_HEADER Header;
LONG NewCount;

/* Extract the object header */
Header = OBJECT_TO_OBJECT_HEADER(Object);

/* Check whether the object can now be deleted. */
NewCount = InterlockedExchangeAdd(&Header->PointerCount, -Count);
if (!Count) ObpDeferObjectDeletion(Header);

/* Return the current count */
return NewCount;
}

Is this should be NewCount?

[hto]

Thank you very much!

There are even two bugs. First, InterlockedExchangeAdd returns old count. And then if checks wrong variable.

[Ghostshaw]

Actually you could say theres 3 bugs, since count could be greater then PointerCount resulting in negative PointerCount which would still need to get it deleted, but with the current code (even if you replace Count with header->pointercount) wouldn't do so.

[bugboy]

If you would like to give a name, credit should be given in commit.

mjmartin

[hto]

I would rather add there a check for a negative count and a debug print.

[acoma]

Can we change to :

if ((NewCount - Count)<=0) ObpDeferObjectDeletion(Header);

[Lone_Rifle]

If you ever spot more bugs in future, join us at Freenode IRC, #reactos. The dev team hangs out there and can entertain your queries quicker.

[acoma]

Thank you, I will

[hto]

Can we change to :

if ((NewCount - Count)<=0) ObpDeferObjectDeletion(Header);

No. Or ObpDeferObjectDeletion can be called more then once.

[fireball]

Thanks, I fixed this and other related bugs in r41043.

[The123king]

Nice to see this bug fixed