Fix some sandbox memory leaks
The memory allocated by AllocAndCopyName was not being freed under certain conditions.
Credit to yunli.sharing@gmail.com for spotting these.
BUG=414039
Review URL: https://codereview.chromium.org/849553002
Cr-Commit-Position: refs/heads/master@{#311079}
diff --git a/sandbox/win/src/filesystem_interception.cc b/sandbox/win/src/filesystem_interception.cc
index 179cad5..043e1fa 100644
--- a/sandbox/win/src/filesystem_interception.cc
+++ b/sandbox/win/src/filesystem_interception.cc
@@ -74,14 +74,15 @@
if (SBOX_ALL_OK != code)
break;
+ status = answer.nt_status;
+
if (!NT_SUCCESS(answer.nt_status))
- return answer.nt_status;
+ break;
__try {
*file = answer.handle;
io_status->Status = answer.nt_status;
io_status->Information = answer.extended[0].ulong_ptr;
- status = io_status->Status;
} __except(EXCEPTION_EXECUTE_HANDLER) {
break;
}
@@ -145,14 +146,15 @@
if (SBOX_ALL_OK != code)
break;
+ status = answer.nt_status;
+
if (!NT_SUCCESS(answer.nt_status))
- return answer.nt_status;
+ break;
__try {
*file = answer.handle;
io_status->Status = answer.nt_status;
io_status->Information = answer.extended[0].ulong_ptr;
- status = io_status->Status;
} __except(EXCEPTION_EXECUTE_HANDLER) {
break;
}
@@ -208,12 +210,10 @@
ResultCode code = CrossCall(ipc, IPC_NTQUERYATTRIBUTESFILE_TAG, name,
attributes, file_info, &answer);
- operator delete(name, NT_ALLOC);
-
if (SBOX_ALL_OK != code)
break;
- return answer.nt_status;
+ status = answer.nt_status;
} while (false);
@@ -269,12 +269,10 @@
ResultCode code = CrossCall(ipc, IPC_NTQUERYFULLATTRIBUTESFILE_TAG, name,
attributes, file_info, &answer);
- operator delete(name, NT_ALLOC);
-
if (SBOX_ALL_OK != code)
break;
- return answer.nt_status;
+ status = answer.nt_status;
} while (false);
if (name)
