Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-05-23 02:56:09 +00:00
Code Issues Projects Releases Packages Wiki Activity

[NTOS/MM]

Browse source 
- Shuffle parameter chacks in NtMapViewOfSection to make kmtest pass more of them
 - Restore previously lost check on ZeroBits against 21. Use the architecture specific define
 - Better check for ZeroBits and ViewSize

svn path=/trunk/; revision=72497
This commit is contained in:
Jérôme Gardou 2016-08-28 21:07:51 +00:00
parent 78bb256379
commit 0e07d3b761
1 changed files with 28 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
reactos/ntoskrnl/mm/ARM3/section.c
View file

@ -3550,14 +3550,40 @@ NtMapViewOfSection(IN HANDLE SectionHandle,
}
_SEH2_END;
/* Check for invalid zero bits */
if (ZeroBits && SafeBaseAddress)
/* Check for kernel-mode address */
if (SafeBaseAddress > MM_HIGHEST_VAD_ADDRESS)
{
DPRINT1("Kernel base not allowed\n");
return STATUS_INVALID_PARAMETER_3;
}
/* Check for range entering kernel-mode */
if (((ULONG_PTR)MM_HIGHEST_VAD_ADDRESS - (ULONG_PTR)SafeBaseAddress) < SafeViewSize)
{
DPRINT1("Overflowing into kernel base not allowed\n");
return STATUS_INVALID_PARAMETER_3;
}
/* Check for invalid zero bits */
if (ZeroBits)
{
if (ZeroBits > MI_MAX_ZERO_BITS)
{
DPRINT1("Invalid zero bits\n");
return STATUS_INVALID_PARAMETER_4;
}
if ((((ULONG_PTR)SafeBaseAddress << ZeroBits) >> ZeroBits) != (ULONG_PTR)SafeBaseAddress)
{
DPRINT1("Invalid zero bits\n");
return STATUS_INVALID_PARAMETER_4;
}
if (((((ULONG_PTR)SafeBaseAddress + SafeViewSize) << ZeroBits) >> ZeroBits) != ((ULONG_PTR)SafeBaseAddress + SafeViewSize))
{
DPRINT1("Invalid zero bits\n");
return STATUS_INVALID_PARAMETER_4;
}
}
if (!(AllocationType & MEM_DOS_LIM))
@ -3577,27 +3603,6 @@ NtMapViewOfSection(IN HANDLE SectionHandle,
}
}
/* Check for kernel-mode address */
if (SafeBaseAddress > MM_HIGHEST_VAD_ADDRESS)
{
DPRINT1("Kernel base not allowed\n");
return STATUS_INVALID_PARAMETER_3;
}
/* Check for range entering kernel-mode */
if (((ULONG_PTR)MM_HIGHEST_VAD_ADDRESS - (ULONG_PTR)SafeBaseAddress) < SafeViewSize)
{
DPRINT1("Overflowing into kernel base not allowed\n");
return STATUS_INVALID_PARAMETER_3;
}
/* Check for invalid zero bits */
if (((ULONG_PTR)SafeBaseAddress + SafeViewSize) > (0xFFFFFFFF >> ZeroBits)) // arch?
{
DPRINT1("Invalid zero bits\n");
return STATUS_INVALID_PARAMETER_4;
}
/* Reference the process */
Status = ObReferenceObjectByHandle(ProcessHandle,
PROCESS_VM_OPERATION,