From 0a2ab85168b1aaecb261b5666105782ca4cc7927 Mon Sep 17 00:00:00 2001
From: Aleksey Bragin
Date: Sat, 30 May 2009 10:57:31 +0000
Subject: [PATCH] - Add missing parameters probing.
svn path=/trunk/; revision=41203
---
 reactos/ntoskrnl/mm/anonmem.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/reactos/ntoskrnl/mm/anonmem.c b/reactos/ntoskrnl/mm/anonmem.c
index 293cae9465b..5cd878043c0 100644
--- a/reactos/ntoskrnl/mm/anonmem.c
+++ b/reactos/ntoskrnl/mm/anonmem.c
@@ -949,12 +949,14 @@ NtFreeVirtualMemory(IN HANDLE ProcessHandle,
 */
 {
 MEMORY_AREA* MemoryArea;
- NTSTATUS Status;
+ NTSTATUS Status = STATUS_SUCCESS;
 PEPROCESS Process;
 PMMSUPPORT AddressSpace;
 PVOID BaseAddress;
 ULONG RegionSize;
 
+ PAGED_CODE();
+
 DPRINT("NtFreeVirtualMemory(ProcessHandle %x, *PBaseAddress %x, "
 "*PRegionSize %x, FreeType %x)\n",ProcessHandle,*PBaseAddress,
 *PRegionSize,FreeType);
@@ -965,6 +967,23 @@ NtFreeVirtualMemory(IN HANDLE ProcessHandle,
 return STATUS_INVALID_PARAMETER_4;
 }
 
+ if(ExGetPreviousMode() != KernelMode)
+ {
+ _SEH2_TRY
+ {
+ /* Probe user pointers */
+ ProbeForWriteSize_t(PRegionSize);
+ ProbeForWritePointer(PBaseAddress);
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ /* Get exception code */
+ Status = _SEH2_GetExceptionCode();
+ }
+ _SEH2_END;
+ if (!NT_SUCCESS(Status)) return Status;
+ }
+
 BaseAddress = (PVOID)PAGE_ROUND_DOWN((*PBaseAddress));
 RegionSize = PAGE_ROUND_UP((ULONG_PTR)(*PBaseAddress) + (*PRegionSize)) -
 PAGE_ROUND_DOWN((*PBaseAddress));
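Review bot: The DPRINT kept at the top of NtFreeVirtualMemory (first hunk) still reads `*PBaseAddress` and `*PRegionSize` before the probe this commit adds further down, and outside any `_SEH2_TRY`. Whether DPRINT is compiled in for this file is not visible here, but where it is, a bad user-mode pointer is dereferenced in kernel mode before any validation has run. I would trace the pointers instead of their targets, e.g. `"PBaseAddress %p, PRegionSize %p, FreeType %x)\n",ProcessHandle,PBaseAddress,PRegionSize,FreeType);`, or move the trace below the probe. The function body starts and ends outside the hunk.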
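Review bot: The reads of `*PBaseAddress` and `*PRegionSize` that follow the new probe block (second hunk) are outside the `_SEH2_TRY`, so the probe does not protect them: it holds only at the moment it runs, and the caller's memory can be unmapped or rewritten before the two assignments execute. `*PBaseAddress` is also fetched three times, so BaseAddress and RegionSize can end up computed from different values. I would read each value once into a local inside the guarded block and use only the copies afterwards, as sketched below. Any later write-back through these pointers is outside this hunk and would need the same SEH protection.

```c
   /* new locals, next to the existing declarations */
   PVOID CapturedBase;
   SIZE_T CapturedSize;

   /* … unchanged: if(ExGetPreviousMode() != KernelMode) { _SEH2_TRY { ProbeForWriteSize_t … */
         ProbeForWritePointer(PBaseAddress);
         /* Fetch each user value exactly once, still under the SEH guard */
         CapturedBase = *PBaseAddress;
         CapturedSize = *PRegionSize;
   /* … unchanged: _SEH2_EXCEPT handler, _SEH2_END, status check, closing brace of the if … */
   else
   {
      /* Kernel-mode caller: pointers are trusted, no probe needed */
      CapturedBase = *PBaseAddress;
      CapturedSize = *PRegionSize;
   }

   BaseAddress = (PVOID)PAGE_ROUND_DOWN(CapturedBase);
   RegionSize = PAGE_ROUND_UP((ULONG_PTR)CapturedBase + CapturedSize) -
                PAGE_ROUND_DOWN(CapturedBase);
```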