Ticket #18187 (closed defect: fixed)

Opened 4 years ago

Last modified 21 months ago

Mismatched pool allocation/free in VBoxGuest.sys in 6.0 RC1 => fixed in svn

Reported by: ThFabba Owned by:
Component: guest additions Version:
Keywords: Cc:
Guest type: Windows Host type: all


VBoxGuest.sys calls ExAllocatePoolWithTag(..., 'TRPI') on an allocation that was made with an ExAllocatePool() call.

This happens in rtR0InitNative, where RTR0DbgKrnlInfoOpen is called before g_pfnrtExAllocatePoolWithTag is initialized. Therefore the object will be allocated with ExAllocatePool (tracked by Windows as tag "None"). The RTR0DbgKrnlInfoRelease call that follows happens after g_pfnrtExFreePoolWithTag is initialized, however, and therefore causes a mismatch.

This should result in a BAD_POOL_CALLER bug check when using a checked build of Windows. It also reproduces in ReactOS (downstream bug, and produces log output like the following:

(ntoskrnl/mm/ARM3/expool.c:2530) Freeing pool - invalid tag specified: IPRT != None

*** Fatal System Error: 0x000000c2

Entered debugger on embedded INT3 at 0x0008:0x809543a4.
kdb:> bt
<ntoskrnl.exe:1543a5 (:0 (RtlpBreakWithStatusInstruction))>
<ntoskrnl.exe:8c47d (ntoskrnl/ke/bug.c:1100 (KeBugCheckWithTf))>
<ntoskrnl.exe:8ca54 (ntoskrnl/ke/bug.c:1456 (KeBugCheckEx))>
<ntoskrnl.exe:ab8c2 (ntoskrnl/mm/ARM3/expool.c:2531 (ExFreePoolWithTag))>
<VBoxGuest.sys:153f5 (src/VBox/Runtime/r0drv/nt/alloc-r0drv-nt.cpp:80 (rtR0MemFree))>
<VBoxGuest.sys:d496 (src/VBox/Runtime/r0drv/alloc-r0drv.cpp:108 (RTMemTmpFree))>
<VBoxGuest.sys:fd27 (src/VBox/Runtime/r0drv/nt/dbgkrnlinfo-r0drv-nt.cpp:594 (RTR0DbgKrnlInfoRelease))>
<VBoxGuest.sys:15e95 (src/VBox/Runtime/r0drv/nt/initterm-r0drv-nt.cpp:345 (rtR0InitNative))>
<VBoxGuest.sys:d29c (src/VBox/Runtime/r0drv/initterm-r0drv.cpp:88 (RTR0Init))>
<ntoskrnl.exe:63cd4 (ntoskrnl/io/iomgr/driver.c:1587 (IopCreateDriver))>


howtoreproduce.PNG Download (6.6 KB) - added by Saibamen 3 years ago.

Change History

comment:1 Changed 4 years ago by bird

  • Summary changed from Mismatched pool allocation/free in VBoxGuest.sys in 6.0 RC1 to Mismatched pool allocation/free in VBoxGuest.sys in 6.0 RC1 => fixed in svn

Thanks a lot for pointing directly to the problem. I've committed a fix to trunk and 6.0. Will be shipped in the next 6.0.x release, and any test build additions with revision number 128657 or higher.

comment:2 Changed 3 years ago by Saibamen

It is fixed in 6.0.6? I didn't see any changelog for this in 6.0.6

Last edited 3 years ago by Saibamen (previous) (diff)

Changed 3 years ago by Saibamen

comment:3 Changed 3 years ago by michael

Sorry about that, adding to the 6.0.6 change log "after the fact".

comment:4 Changed 3 years ago by michael

I hope I credited you correctly<1>.


comment:5 Changed 3 years ago by michael

  • Status changed from new to closed
  • Resolution set to fixed

comment:6 Changed 22 months ago by nidhigh

Last edited 21 months ago by nidhigh (previous) (diff)

comment:7 Changed 22 months ago by nidhigh

Last edited 21 months ago by nidhigh (previous) (diff)

comment:8 Changed 21 months ago by themevolty

15+ Free Prestashop Themes that makes your website more creative. These <a href="">Prestashop Themes </a>.makes your website more Lucrative. Free Prestashop Themes....

PrestaShop <a href=""> prestashop 1.7 themes</a> is one of the well-known open-source e-commerce solutions to create an online web. restaShop is somewhat complex. But this tutorial very helpful for you.

Prestashop is a more secure framework compare to other frameworks,and this framework main benefit is that it's easy to use and provide a user-friendly environment.

Recently Prestashop releases a newer version it's faster and Gives a good experience.and when you install any version of Prestashop please be careful with PHP versions of your server

I Give you a link. you can go with this link and select your PHP version according to your Prestashop installed version.

Now that you intend to build a <a href=""> themes for PrestaShop</a>, you are better off keeping all your development work on your server. Another advantage is that a local server test environment enables you to test code without the risk of the store and you can check code in your local environment. Having a local environment is the essential first step in the web development <a href="">Prestashop template</a>

Read More:

Note: See TracTickets for help on using tickets.
ContactPrivacy policyTerms of Use