Changeset 1836 for trunk/dll/filldir.c

Timestamp:

Jul 15, 2015, 2:48:14 AM (10 years ago)

Author:

Gregg Young

Message:

Fix trap in collector if a pci-pszFileName = NullStr and fix heap corruption problem and its related traps. This code reverts John double free fix. Ticket [551][555]

File:

• trunk/dll/filldir.c (modified) (24 diffs)

trunk/dll/filldir.c

@@ -107 +107 @@
   28 Jun 14 GKY Fix errors identified with CPPCheck
   30 Aug 14 GKY Use saymsg2 for Suggest dialog
+  14 Jun 15 GKY Changes to prevent trap in Filter, heap corruption and traps associated with it
   19 Jun 15 JBS Ticket 514: Double free fix (which also fixes a memory leak)
 
@@ -153 +154 @@
 #include "pathutil.h"                   // AddBackslashToPath
 #include "tmrsvcs.h"                    // ITIMER_DESC
+#if 0
+#define  __PMPRINTF__
+#include "PMPRINTF.H"
+#endif
 
 VOID StubbyScanThread(VOID * arg);
@@ -424 +429 @@
   BOOL fLoadSubjectForDrive = fLoadSubject && ~flags & DRIVE_NOLOADSUBJS;
   BOOL fLoadLongNameForDrive = fLoadLongnames &&  //~flags & DRIVE_NOLONGNAMES &&
-                               ~flags & DRIVE_NOLOADLONGS;
+                               ~flags & DRIVE_NOLOADLONGS;
   if (fLoadSubjectForDrive || fLoadLongNameForDrive) {
     // Allocate space to hold GEA2s and .SUBJECT and .LONGNAME strings
-    PGEA2LIST pgealist = xmallocz(sizeof(GEA2LIST) + sizeof(GEA2) + 64, pszSrcFile, __LINE__);
+      PGEA2LIST pgealist = xmallocz(sizeof(GEA2LIST) + (sizeof(GEA2) * 2) + 32,
+                                    pszSrcFile, __LINE__);
     if (pgealist) {
       APIRET rc;
@@ -466 +472 @@
       //DbgMsg(pszSrcFile, __LINE__, "pgealist %p cbList %u", pgealist, pgealist->cbList);
 
-      pfealist = xmallocz(4096, pszSrcFile, __LINE__);
+      pfealist = xmallocz(65536, pszSrcFile, __LINE__);
       if (pfealist) {
-        pfealist->cbList = 4096;
+        pfealist->cbList = 65536;
         eaop.fpGEA2List = pgealist;
         eaop.fpFEA2List = pfealist;
@@ -514 +520 @@
             pfea = (PFEA2)((PSZ)pfea + pfea->oNextEntryOffset);
           } // while
-        }
+        }
         free(pfealist);
       }
@@ -688 +694 @@
   pci->rc.hptrIcon = hptr;
 
+
   // check to see if record should be visible
+  DosRequestMutexSem(hmtxFiltering, SEM_INDEFINITE_WAIT);
   if (dcd && (*dcd->mask.szMask || dcd->mask.antiattr ||
               ((dcd->mask.attrFile &
                 (FILE_HIDDEN | FILE_SYSTEM | FILE_READONLY | FILE_ARCHIVED))
-               !=
-               (FILE_HIDDEN | FILE_SYSTEM | FILE_READONLY | FILE_ARCHIVED))))
-  {
+               != (FILE_HIDDEN | FILE_SYSTEM | FILE_READONLY | FILE_ARCHIVED)))) {
     if (*dcd->mask.szMask || dcd->mask.antiattr) {
       if (!Filter((PMINIRECORDCORE) pci, (PVOID) & dcd->mask))
-        pci->rc.flRecordAttr |= CRA_FILTERED;
+        pci->rc.flRecordAttr |= CRA_FILTERED;
     }
     else if ((!(dcd->mask.attrFile & FILE_HIDDEN) &&
@@ -710 +716 @@
     }
   }
+  DosReleaseMutexSem(hmtxFiltering);
 
   return pffb->cbFile + pci->easize;
@@ -851 +858 @@
   pci->rc.hptrIcon = hptr;
 
+  DosRequestMutexSem(hmtxFiltering, SEM_INDEFINITE_WAIT);
   if (dcd &&
       (*dcd->mask.szMask || dcd->mask.antiattr ||
@@ -858 +866 @@
     if (*dcd->mask.szMask || dcd->mask.antiattr) {
       if (!Filter((PMINIRECORDCORE) pci, (PVOID) & dcd->mask))
-        pci->rc.flRecordAttr |= CRA_FILTERED;
+        pci->rc.flRecordAttr |= CRA_FILTERED;
     }
     else if ((!(dcd->mask.attrFile & FILE_HIDDEN) &&
@@ -870 +878 @@
       pci->rc.flRecordAttr |= CRA_FILTERED;
   }
+  DosReleaseMutexSem(hmtxFiltering);
 
   return pfsa4->cbFile + pci->easize;
@@ -968 +977 @@
         pffbFile = paffbFound;
         ulSelCnt = 0;
-        for (;;) {
+        for (;;) {
           if (!*pffbFile->achName ||
               (!filestoo && ~pffbFile->attrFile & FILE_DIRECTORY) ||
@@ -989 +998 @@
           if (stopflag && *stopflag)
             goto Abort;
-          if (fSyncUpdates) {
+          if (fSyncUpdates) {
+            if (!WinIsWindow(WinQueryAnchorBlock(hwndCnr), hwndCnr)) {
+              ok = FALSE;
+              ullTotalBytes = 0;
+              break;
+            }
             pciFirst = WinSendMsg(hwndCnr, CM_ALLOCRECORD,
                                   MPFROMLONG(EXTRA_RECORD_BYTES),
@@ -1005 +1019 @@
               // Finish filling pci items
               for (x = 0; x < ulSelCnt; x++) {
-                pffbFile = papffbSelected[x];
+                pffbFile = papffbSelected[x];
                 ullBytes = FillInRecordFromFFB(hwndCnr, pci, pszFileSpec,
                                                pffbFile, partial, dcd);
@@ -1039 +1053 @@
             if (ok) {
               ullReturnBytes += ullTotalBytes;
-              ulReturnFiles += ulSelCnt;
+              ulReturnFiles += ulSelCnt;
+              DosRequestMutexSem(hmtxFiltering, SEM_INDEFINITE_WAIT);
               if (dcd) {
                 dcd->totalfiles += ulSelCnt;
                 dcd->ullTotalBytes += ullTotalBytes;
-              }
+              }
+              DosReleaseMutexSem(hmtxFiltering);
             }
           } // if sync updates
@@ -1098 +1114 @@
           ULONG ulRecsToInsert;
 
-          if (pci ==NULL) {
+          if (pci ==NULL) {
+            if (!WinIsWindow(WinQueryAnchorBlock(hwndCnr), hwndCnr)) {
+              ok = FALSE;
+              ullTotalBytes = 0;
+              break;
+            }
             ulRecsToInsert = cAffbTotal - x <  USHRT_MAX  ? cAffbTotal - x : USHRT_MAX;
             pciFirst = WinSendMsg(hwndCnr, CM_ALLOCRECORD,
                                   MPFROMLONG(EXTRA_RECORD_BYTES), MPFROMLONG(ulRecsToInsert));
 
-            if (!pciFirst) {
+            if (!pciFirst) {
+              //ERRORID erridErrorCode = WinGetLastError(WinQueryAnchorBlock(hwndCnr));
+              //PmpfF(("Allocation failed %i", erridErrorCode));
               Win_Error(hwndCnr, HWND_DESKTOP, pszSrcFile, __LINE__,
                         GetPString(IDS_CMALLOCRECERRTEXT));
@@ -1118 +1141 @@
               pci = pciFirst;
             }
-          }
+          }
           ullBytes = FillInRecordFromFFB(hwndCnr, pci, pszFileSpec,
                                          pffbFile, partial, dcd);
           pci = (PCNRITEM) pci->rc.preccNextRecord;
           ullTotalBytes += ullBytes;
-          // 15 Sep 09 SHL allow timed updates to see
+          // 15 Sep 09 SHL allow timed updates to see
+          DosRequestMutexSem(hmtxFiltering, SEM_INDEFINITE_WAIT);
           if (dcd) {
             dcd->totalfiles = x;
             dcd->ullTotalBytes = ullTotalBytes;
-          }
+          }
+          DosReleaseMutexSem(hmtxFiltering);
           // Can not use offset since we have merged lists - this should be equivalent
           pffbFile = (PFILEFINDBUF4L)((PBYTE)pffbFile + sizeof(FILEFINDBUF4L));
 
-          if (!IdleIfNeeded(&itdSleep, 30)) {
-            for (x = x+1; x < cAffbTotal; x++) {
+          if (!IdleIfNeeded(&itdSleep, 30)) {
+            for (x = x+1; x < cAffbTotal; x++) {
               ullBytes = FillInRecordFromFFB(hwndCnr, pci, pszFileSpec,
                                           pffbFile, partial, dcd);
               pci = (PCNRITEM) pci->rc.preccNextRecord;
-              ullTotalBytes += ullBytes;
+              ullTotalBytes += ullBytes;
+              DosRequestMutexSem(hmtxFiltering, SEM_INDEFINITE_WAIT);
               if (dcd) {
                 dcd->totalfiles = x;
                 dcd->ullTotalBytes = ullTotalBytes;
-              }
-              pffbFile = (PFILEFINDBUF4L)((PBYTE)pffbFile + sizeof(FILEFINDBUF4L));
+              }
+              DosReleaseMutexSem(hmtxFiltering);
+              pffbFile = (PFILEFINDBUF4L)((PBYTE)pffbFile + sizeof(FILEFINDBUF4L));
               if (pci == NULL) {
                 priority_normal();
@@ -1832 +1859 @@
 VOID FreeCnrItemData(PCNRITEM pci)
 {
+  
   if (pci->pszSubject) {
     if (pci->pszSubject != NullStr)
@@ -1837 +1865 @@
     pci->pszSubject = NULL;             // Catch illegal references
   }
-
+  
   // 08 Sep 08 SHL Remove excess logic
   if (pci->pszLongName) {
@@ -1844 +1872 @@
     pci->pszLongName = NULL;            // Catch illegal references
   }
-
+  
   // Bypass free if pszDisplayName points into pszFileName buffer
   // 05 Sep 08 SHL Correct pointer overlap compare logic
@@ -1853 +1881 @@
           pci->pszDisplayName >= pci->pszFileName + _msize(pci->pszFileName))
       {
-        free(pci->pszDisplayName);
+        free(pci->pszDisplayName);
       }
     }
@@ -1859 +1887 @@
   }
 
-  if (pci->pszFileName) {
-    if (pci->pszFileName != NullStr) {
+#if 0 // 26 Sep 09 SHL debug dup free complaints
+  if (!pci->pszFileName)
+    Runtime_Error(pszSrcFile, __LINE__, "FreeCnrItemData attempting to free %p data twice", pci);
+  else {
+    if (pci->pszFileName != NullStr)
       free(pci->pszFileName);
-    }
-    pci->pszFileName = NULL;            // Catch illegal references and dup free attempts
-  }
-
-// 26 Mar 14 JBS Twice on the longname?
+    pci->pszFileName = NULL;            // Catch illegal references
+  }
+#else
+  {
+    #define HIST_COUNT 50
+    static struct {
+      PCNRITEM pci;
+      PSZ pszFileName;
+    } history[HIST_COUNT];
+    static volatile UINT iHistNdx;
+    UINT i;
+
+    if (!pci->pszFileName) {
+      // Looks like pci was already freed
+      // Try to locate original file name in history buffer
+      for (i = 0; i < HIST_COUNT && pci != history[i].pci; i++) { }     // Scan
+      if (i < HIST_COUNT) {
+        Runtime_Error(pszSrcFile, __LINE__, "FreeCnrItemData attempting to free %p data twice, fileName was %.260s",
+                      pci, history[i].pszFileName);
+      } else {
+        Runtime_Error(pszSrcFile, __LINE__, "FreeCnrItemData attempting to free %p data twice", pci);
+      }
+    }
+    else {
+      PSZ psz;
+      PSZ *ppsz;
+      // Grab a history slot
+      // This should work well enoungh to prevent MT/SMP conflicts
+      for (;;) {
+        i = iHistNdx;
+        if (++i >= HIST_COUNT)
+          i = 0;
+        if (++iHistNdx >= HIST_COUNT)
+          iHistNdx = 0;
+        if (i == iHistNdx) break;
+      }
+      ppsz = &history[iHistNdx].pszFileName;
+      psz = *ppsz;
+      if (psz)
+        free(psz);
+      if (pci->pszFileName && pci->pszFileName != NullStr)
+        *ppsz = strdup(pci->pszFileName);
+      else
+        *ppsz = NULL;
+      history[iHistNdx].pci = pci;
+      if (pci->pszFileName != NullStr)
+        free(pci->pszFileName);
+      pci->pszFileName = NULL;          // Catch illegal references and dup free attempts
+    }
+  }
+
+
+#endif
+
   // 08 Sep 08 SHL Remove excess logic
   if (pci->pszLongName) {
@@ -1943 +2023 @@
 {
   INT remaining = usCnt;
+  BOOL bIdlePrioritySet = FALSE;
+// #define RCI_ITEMS_PER_TIMER_CHECK (10)
+// 10 seems a very conservative number
+//   USHORT usTimerCheckCountdown       = RCI_ITEMS_PER_TIMER_CHECK;
   PCNRITEM pci;
   ITIMER_DESC itdSleep = { 0 };         // 30 May 11 GKY
@@ -1966 +2050 @@
       InitITimer(&itdSleep, 500);
       while (pci) {
-        FreeCnrItemData(pci);
+        FreeCnrItemData(pci);
+        pci = (PCNRITEM)pci->rc.preccNextRecord;
+        if (!pci)
+          break;
         if (remaining && --remaining == 0)
           break;
-        pci = (PCNRITEM)WinSendMsg(hwnd, CM_QUERYRECORD, (MPARAM)pci,
-                                   MPFROM2SHORT(CMA_NEXT, CMA_ITEMORDER));
-        if (pci && !IdleIfNeeded(&itdSleep, 30)) {
-          // Finishing in idle mode
-          while (pci) {
-            FreeCnrItemData(pci);
-            if (remaining && --remaining == 0)
-              break;
-            pci = (PCNRITEM)WinSendMsg(hwnd, CM_QUERYRECORD, (MPARAM)pci,
-                                   MPFROM2SHORT(CMA_NEXT, CMA_ITEMORDER));
-
-          }
-          priority_normal();
-          break;
+        if (!bIdlePrioritySet /* && --usTimerCheckCountdown == 0 */) {
+          bIdlePrioritySet = !IdleIfNeeded(&itdSleep, 30);
+//           usTimerCheckCountdown = RCI_ITEMS_PER_TIMER_CHECK;
         }
       } // while
+      if (bIdlePrioritySet)
+        priority_normal();
+
       DosPostEventSem(CompactSem);
     }
   }
+
+  // DbgMsg(pszSrcFile, __LINE__, "RemoveCnrItems %p %u %s", pci, usCnt, pci->pszFileName);
 
   if (remaining != - 1) {
@@ -1995 +2076 @@
     }
   }
+
   return remaining;
 }