From cbcf5339f6f1fe3771a660188ee40584883aee81 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Thu, 2 Jul 2026 21:20:18 +0900
Subject: [PATCH] Windows: fix work item pool cleanup on allocation failure and queue restart

Zero the preallocated work item pool before the shared error cleanup can scan it, since driver TCalloc uses uninitialized pool memory. Also clear WorkItemPool after EncryptedIoQueueStop frees it so a reused queue cannot retry cleanup through a stale pointer on a later start failure.
---
 src/Driver/EncryptedIoQueue.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/Driver/EncryptedIoQueue.c b/src/Driver/EncryptedIoQueue.c
index 4fa6c459..ed2c9478 100644
--- a/src/Driver/EncryptedIoQueue.c
+++ b/src/Driver/EncryptedIoQueue.c
@@ -1382,6 +1382,10 @@ retry_preallocated:
 		goto noMemory;
 	}
 
+	// TCalloc does not zero memory: the cleanup at err: scans the whole pool
+	// and frees any non-NULL WorkItem, so all entries must start as NULL
+	RtlZeroMemory(queue->WorkItemPool, workItemPoolSize);
+
 	// Allocate and initialize work items
 	for (i = 0; i < (int) queue->MaxWorkItems; ++i)
 	{
@@ -1514,6 +1518,9 @@ NTSTATUS EncryptedIoQueueStop (EncryptedIoQueue *queue)
 		}
 	}
 	TCfree(queue->WorkItemPool);
+	// Clear the pointer: the boot drive filter reuses this queue struct across
+	// mount cycles, and a failed restart would otherwise free it again at err:
+	queue->WorkItemPool = NULL;
 	TCfree (queue->FragmentBufferA);
 	TCfree (queue->FragmentBufferB);
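Review bot: The RtlZeroMemory call makes the err: scan safe only when queue->WorkItemPool is non-NULL, and the noMemory path from the TCalloc call just above this hunk (and, after the second hunk, a restart of a stopped queue) reaches that cleanup with the pool pointer NULL, so the scan presumably sits behind an `if (queue->WorkItemPool)` guard; both the TCalloc call and the err: cleanup are outside the hunk, so this is inferred and worth confirming. A one-line comment at the err: label would make that dependency explicit, e.g. `// WorkItemPool is NULL if TCalloc failed or the queue was stopped; skip the scan`. The second hunk clears WorkItemPool after its TCfree but leaves FragmentBufferA and FragmentBufferB dangling after theirs; if the queue struct really is reused across mount cycles as that comment states, any err: path that frees those buffers carries the same double-free hazard, and `queue->FragmentBufferA = NULL;` / `queue->FragmentBufferB = NULL;` after their TCfree calls would close it the same way. The enclosing function of this hunk begins before it and its err: cleanup lies after it.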