From 979b7d4d8e6ca8e80ea5b30c70f17a7c868b060f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Herv=C3=A9=20Poussineau?= Date: Sun, 27 Jun 2021 14:44:54 +0200 Subject: [PATCH] [TCPIP] Fix bugcheck when using fragmented datagrams Memory was allocated from paged pool, and freed at DISPATCH_LEVEL, leading to the following bugcheck: *** Fatal System Error: 0x000000c2 (0x00000009,0x00000002,0x00000001,0xB7C8A268) Entered debugger on embedded INT3 at 0x0008:0x8058324B. kdb:> bt Eip: --- sdk/lib/drivers/ip/network/receive.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/lib/drivers/ip/network/receive.c b/sdk/lib/drivers/ip/network/receive.c index bddef7972dd..86e7ff7475c 100644 --- a/sdk/lib/drivers/ip/network/receive.c +++ b/sdk/lib/drivers/ip/network/receive.c @@ -215,7 +215,7 @@ ReassembleDatagram( RtlCopyMemory(&IPPacket->DstAddr, &IPDR->DstAddr, sizeof(IP_ADDRESS)); /* Allocate space for full IP datagram */ - IPPacket->Header = ExAllocatePoolWithTag(PagedPool, IPPacket->TotalSize, PACKET_BUFFER_TAG); + IPPacket->Header = ExAllocatePoolWithTag(NonPagedPool, IPPacket->TotalSize, PACKET_BUFFER_TAG); if (!IPPacket->Header) { TI_DbgPrint(MIN_TRACE, ("Insufficient resources.\n")); (*IPPacket->Free)(IPPacket);