From 1e01c52c0cff076191a72e18e666ff4342592945 Mon Sep 17 00:00:00 2001
From: Aiken Harris
Date: Wed, 25 Mar 2026 07:48:13 +0100
Subject: [PATCH] Clear the internal list links to prevent corruption

---
 xtoskrnl/mm/alloc.cc | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/xtoskrnl/mm/alloc.cc b/xtoskrnl/mm/alloc.cc
index ae50360..859eaf1 100644
--- a/xtoskrnl/mm/alloc.cc
+++ b/xtoskrnl/mm/alloc.cc
@@ -357,6 +357,10 @@ MM::Allocator::AllocatePool(IN MMPOOL_TYPE PoolType,
 /* Register the allocation in the tracking table */
 RegisterAllocationTag(Tag, SIZE_TO_PAGES(Bytes), PoolType);
 
+ /* Clear the internal list links to prevent corruption */
+ ((PLIST_ENTRY)PoolEntry)->Flink = NULLPTR;
+ ((PLIST_ENTRY)PoolEntry)->Blink = NULLPTR;
+
 /* Supply the allocated address and return success */
 *Memory = PoolEntry;
 return STATUS_SUCCESS;
@@ -464,7 +468,7 @@ MM::Allocator::AllocatePool(IN MMPOOL_TYPE PoolType,
 /* Assign the specified identification tag */
 PoolEntry->PoolTag = Tag;
 
- /* Clear the internal list links */
+ /* Clear the internal list links to prevent corruption */
 (GetPoolFreeBlock(PoolEntry))->Flink = NULLPTR;
 (GetPoolFreeBlock(PoolEntry))->Blink = NULLPTR;
 
@@ -538,6 +542,10 @@ MM::Allocator::AllocatePool(IN MMPOOL_TYPE PoolType,
 /* Apply the requested identification tag */
 PoolEntry->PoolTag = Tag;
 
+ /* Clear the internal list links to prevent corruption */
+ (GetPoolFreeBlock(PoolEntry))->Flink = NULLPTR;
+ (GetPoolFreeBlock(PoolEntry))->Blink = NULLPTR;
+
 /* Supply the allocated address and return success */
 *Memory = GetPoolFreeBlock(PoolEntry);
 return STATUS_SUCCESS;
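Review bot: The new comment in the first hunk (and the identical one in the third hunk) says the links are cleared "to prevent corruption" without saying what would be corrupted; since these two words are the block's free-list links and the block is about to be handed to the caller, the comment should name the invariant being established, e.g. `/* Block is leaving the allocator's list: reset its LIST_ENTRY links so a stale Flink/Blink is neither followed nor handed to the caller while the block is in use */`. Whether the release path depends on the links being NULLPTR is not visible in the hunk; if it does, a sanity check there would turn this from an advisory comment into an enforced invariant. Note that only the two link words are reset, so the rest of the block keeps whatever it held before and this is not a substitute for zeroing where callers expect cleared memory. The first hunk also reaches the links through a bare `((PLIST_ENTRY)PoolEntry)` cast while the other hunks go through `GetPoolFreeBlock(PoolEntry)`; if the page-backed path really keeps its links at the block start, a one-line local such as `PLIST_ENTRY Links = (PLIST_ENTRY)PoolEntry;` keeps the double cast out of the two assignments. AllocatePool begins before and continues past this hunk.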
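Review bot: `GetPoolFreeBlock(PoolEntry)` is now evaluated three times in a row in the third hunk — twice for the link reset and once more for `*Memory`. A single local, `PLIST_ENTRY FreeBlock = GetPoolFreeBlock(PoolEntry);` (using whatever pointer type the helper actually returns), used in the two assignments and in `*Memory = FreeBlock;`, reads more clearly and makes it explicit that the cleared links and the returned address belong to the same block. AllocatePool continues outside this hunk.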