ntdll: Check for valid memory view size directly in VIRTUAL_FindView.

Alexandre Julliard 2008-11-25 11:58:50 +01:00
parent 42fb9fe779
commit aece8e0700
1 changed files with 14 additions and 14 deletions


@ -250,14 +250,17 @@ static void VIRTUAL_Dump(void)
* View: Success * View: Success
* NULL: Failure * NULL: Failure
*/ */
static struct file_view *VIRTUAL_FindView( const void *addr ) static struct file_view *VIRTUAL_FindView( const void *addr, size_t size )
{ {
struct file_view *view; struct file_view *view;
LIST_FOR_EACH_ENTRY( view, &views_list, struct file_view, entry ) LIST_FOR_EACH_ENTRY( view, &views_list, struct file_view, entry )
{ {
if (view->base > addr) break; if (view->base > addr) break; /* no matching view */
if ((const char*)view->base + view->size > (const char*)addr) return view; if ((const char *)view->base + view->size <= (const char *)addr) continue;
if ((const char *)view->base + view->size < (const char *)addr + size) break; /* size too large */
if ((const char *)addr + size < (const char *)addr) break; /* overflow */
return view;
} }
return NULL; return NULL;
} }
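Review bot: The wraparound test on the new `(const char *)addr + size < (const char *)addr` line runs only after that same sum has already been formed and compared on the line above it, and `p + n < p` is pointer arithmetic whose out-of-object result the C standard leaves undefined, so an optimizing compiler is entitled to fold the check to false. Because the preceding `continue` has already established that `addr` lies below the view's end, the remaining room can be computed as an unsigned difference that cannot wrap, which subsumes both checks: `if ((size_t)((const char *)view->base + view->size - (const char *)addr) < size) break; /* size too large */`. Callers that pass `size == 0` keep the plain contains-address behaviour under this form, and the "no matching view" `break` on `view->base > addr` is unaffected. This assumes `view->size` is a size_t; the `struct file_view` definition is not in the hunk, so confirm before relying on the cast.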
@ -1318,7 +1321,7 @@ SIZE_T virtual_free_system_view( PVOID *addr_ptr )
char *base = ROUND_ADDR( *addr_ptr, page_mask ); char *base = ROUND_ADDR( *addr_ptr, page_mask );
server_enter_uninterrupted_section( &csVirtual, &sigset ); server_enter_uninterrupted_section( &csVirtual, &sigset );
if ((view = VIRTUAL_FindView( base ))) if ((view = VIRTUAL_FindView( base, 0 )))
{ {
TRACE( "freeing %p-%p\n", view->base, (char *)view->base + view->size ); TRACE( "freeing %p-%p\n", view->base, (char *)view->base + view->size );
/* return the values that the caller should use to unmap the area */ /* return the values that the caller should use to unmap the area */
@ -1405,7 +1408,7 @@ NTSTATUS VIRTUAL_HandleFault( LPCVOID addr )
sigset_t sigset; sigset_t sigset;
server_enter_uninterrupted_section( &csVirtual, &sigset ); server_enter_uninterrupted_section( &csVirtual, &sigset );
if ((view = VIRTUAL_FindView( addr ))) if ((view = VIRTUAL_FindView( addr, 0 )))
{ {
void *page = ROUND_ADDR( addr, page_mask ); void *page = ROUND_ADDR( addr, page_mask );
BYTE vprot = view->prot[((const char *)page - (const char *)view->base) >> page_shift]; BYTE vprot = view->prot[((const char *)page - (const char *)view->base) >> page_shift];
@ -1433,7 +1436,7 @@ BOOL virtual_handle_stack_fault( void *addr )
BOOL ret = FALSE; BOOL ret = FALSE;
RtlEnterCriticalSection( &csVirtual ); /* no need for signal masking inside signal handler */ RtlEnterCriticalSection( &csVirtual ); /* no need for signal masking inside signal handler */
if ((view = VIRTUAL_FindView( addr ))) if ((view = VIRTUAL_FindView( addr, 0 )))
{ {
void *page = ROUND_ADDR( addr, page_mask ); void *page = ROUND_ADDR( addr, page_mask );
BYTE vprot = view->prot[((const char *)page - (const char *)view->base) >> page_shift]; BYTE vprot = view->prot[((const char *)page - (const char *)view->base) >> page_shift];
@ -1628,8 +1631,7 @@ NTSTATUS WINAPI NtAllocateVirtualMemory( HANDLE process, PVOID *ret, ULONG zero_
} }
else /* commit the pages */ else /* commit the pages */
{ {
if (!(view = VIRTUAL_FindView( base )) || if (!(view = VIRTUAL_FindView( base, size ))) status = STATUS_NOT_MAPPED_VIEW;
((char *)base + size > (char *)view->base + view->size)) status = STATUS_NOT_MAPPED_VIEW;
else if (!VIRTUAL_SetProt( view, base, size, vprot )) status = STATUS_ACCESS_DENIED; else if (!VIRTUAL_SetProt( view, base, size, vprot )) status = STATUS_ACCESS_DENIED;
else if (view->mapping && !(view->protect & VPROT_COMMITTED)) else if (view->mapping && !(view->protect & VPROT_COMMITTED))
{ {
@ -1702,9 +1704,7 @@ NTSTATUS WINAPI NtFreeVirtualMemory( HANDLE process, PVOID *addr_ptr, SIZE_T *si
server_enter_uninterrupted_section( &csVirtual, &sigset ); server_enter_uninterrupted_section( &csVirtual, &sigset );
if (!(view = VIRTUAL_FindView( base )) || if (!(view = VIRTUAL_FindView( base, size )) || !(view->protect & VPROT_VALLOC))
(base + size > (char *)view->base + view->size) ||
!(view->protect & VPROT_VALLOC))
{ {
status = STATUS_INVALID_PARAMETER; status = STATUS_INVALID_PARAMETER;
} }
@ -1787,7 +1787,7 @@ NTSTATUS WINAPI NtProtectVirtualMemory( HANDLE process, PVOID *addr_ptr, SIZE_T
server_enter_uninterrupted_section( &csVirtual, &sigset ); server_enter_uninterrupted_section( &csVirtual, &sigset );
if (!(view = VIRTUAL_FindView( base )) || (base + size > (char *)view->base + view->size)) if (!(view = VIRTUAL_FindView( base, size )))
{ {
status = STATUS_INVALID_PARAMETER; status = STATUS_INVALID_PARAMETER;
} }
@ -2335,7 +2335,7 @@ NTSTATUS WINAPI NtUnmapViewOfSection( HANDLE process, PVOID addr )
} }
server_enter_uninterrupted_section( &csVirtual, &sigset ); server_enter_uninterrupted_section( &csVirtual, &sigset );
if ((view = VIRTUAL_FindView( base )) && (base == view->base)) if ((view = VIRTUAL_FindView( base, 0 )) && (base == view->base))
{ {
delete_view( view ); delete_view( view );
status = STATUS_SUCCESS; status = STATUS_SUCCESS;
@ -2379,7 +2379,7 @@ NTSTATUS WINAPI NtFlushVirtualMemory( HANDLE process, LPCVOID *addr_ptr,
} }
server_enter_uninterrupted_section( &csVirtual, &sigset ); server_enter_uninterrupted_section( &csVirtual, &sigset );
if (!(view = VIRTUAL_FindView( addr ))) status = STATUS_INVALID_PARAMETER; if (!(view = VIRTUAL_FindView( addr, *size_ptr ))) status = STATUS_INVALID_PARAMETER;
else else
{ {
if (!*size_ptr) *size_ptr = view->size; if (!*size_ptr) *size_ptr = view->size;