[WIN32K]

- Reinstate ProbeForWrite call in MmCopyToCaller CORE-8095 #resolve svn path=/trunk/; revision=62958
2024-11-19 21:48:10 +00:00 · 2014-04-24 17:19:20 +00:00 · 2014-04-24 17:19:20 +00:00 · 3eff9e0536
commit 3eff9e0536
parent 2ad472f039
2 changed files with 41 additions and 10 deletions
--- a/reactos/win32ss/user/ntuser/misc/copy.c
+++ b/reactos/win32ss/user/ntuser/misc/copy.c
@ -1,12 +1,22 @@
 #include "win32k.h"

-NTSTATUS _MmCopyFromCaller( PVOID Target, PVOID Source, UINT Bytes ) {
-    NTSTATUS Status = STATUS_SUCCESS;
+_IRQL_requires_max_(APC_LEVEL)
+NTSTATUS
+_MmCopyFromCaller(
+    _Out_writes_bytes_all_(Bytes) PVOID Target,
+    _In_reads_bytes_(Bytes) PVOID Source,
+    _In_ UINT Bytes)
+{
+    NTSTATUS Status;

+    PAGED_CODE();
+    ASSERT(ExGetPreviousMode() == UserMode);
+
+    Status = STATUS_SUCCESS;
    _SEH2_TRY
    {
-        ProbeForRead(Source,Bytes,1);
-        RtlCopyMemory(Target,Source,Bytes);
+        ProbeForRead(Source, Bytes, 1);
+        RtlCopyMemory(Target, Source, Bytes);
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
@ -17,13 +27,23 @@ NTSTATUS _MmCopyFromCaller( PVOID Target, PVOID Source, UINT Bytes ) {
    return Status;
 }

-NTSTATUS _MmCopyToCaller( PVOID Target, PVOID Source, UINT Bytes ) {
-    NTSTATUS Status = STATUS_SUCCESS;
+_IRQL_requires_max_(APC_LEVEL)
+NTSTATUS
+_MmCopyToCaller(
+    _Out_writes_bytes_all_(Bytes) PVOID Target,
+    _In_reads_bytes_(Bytes) PVOID Source,
+    _In_ UINT Bytes)
+{
+    NTSTATUS Status;

+    PAGED_CODE();
+    ASSERT(ExGetPreviousMode() == UserMode);
+
+    Status = STATUS_SUCCESS;
    _SEH2_TRY
    {
-        /* ProbeForWrite(Target,Bytes,1); */
-        RtlCopyMemory(Target,Source,Bytes);
+        ProbeForWrite(Target, Bytes, 1);
+        RtlCopyMemory(Target, Source, Bytes);
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
--- a/reactos/win32ss/user/ntuser/mmcopy.h
+++ b/reactos/win32ss/user/ntuser/mmcopy.h
@ -1,8 +1,19 @@
 #pragma once


-NTSTATUS _MmCopyFromCaller( PVOID Target, PVOID Source, UINT Bytes );
-NTSTATUS _MmCopyToCaller( PVOID Target, PVOID Source, UINT Bytes );
+_IRQL_requires_max_(APC_LEVEL)
+NTSTATUS
+_MmCopyFromCaller(
+    _Out_writes_bytes_all_(Bytes) PVOID Target,
+    _In_reads_bytes_(Bytes) PVOID Source,
+    _In_ UINT Bytes);
+
+_IRQL_requires_max_(APC_LEVEL)
+NTSTATUS
+_MmCopyToCaller(
+    _Out_writes_bytes_all_(Bytes) PVOID Target,
+    _In_reads_bytes_(Bytes) PVOID Source,
+    _In_ UINT Bytes);

 #define MmCopyFromCaller(x,y,z) _MmCopyFromCaller((PCHAR)(x),(PCHAR)(y),(UINT)(z))
 #define MmCopyToCaller(x,y,z) _MmCopyToCaller((PCHAR)(x),(PCHAR)(y),(UINT)(z))