Guard the calls to MmProbeAndLockPages and IoPrepareIrpBuffer with an exception frame, and free the allocated resources if an exception occurs.

svn path=/trunk/; revision=14418
Hartmut Birr 2005-04-01 18:17:47 +00:00
parent fc9d1af415
commit 4ea628ccaa


@ -37,7 +37,6 @@ NTSTATUS IoPrepareIrpBuffer(PIRP Irp,
(PVOID)ExAllocatePoolWithTag(NonPagedPool,Length, TAG_SYS_BUF); (PVOID)ExAllocatePoolWithTag(NonPagedPool,Length, TAG_SYS_BUF);
if (Irp->AssociatedIrp.SystemBuffer==NULL) if (Irp->AssociatedIrp.SystemBuffer==NULL)
{ {
IoFreeIrp(Irp);
return(STATUS_NOT_IMPLEMENTED); return(STATUS_NOT_IMPLEMENTED);
} }
/* FIXME: should copy buffer in on other ops */ /* FIXME: should copy buffer in on other ops */
@ -121,13 +120,34 @@ IoBuildAsynchronousFsdRequest(ULONG MajorFunction,
StackPtr->FileObject = NULL; StackPtr->FileObject = NULL;
StackPtr->CompletionRoutine = NULL; StackPtr->CompletionRoutine = NULL;
if (Buffer != NULL) if (Length > 0)
{ {
IoPrepareIrpBuffer(Irp, NTSTATUS Status = STATUS_SUCCESS;
DeviceObject,
Buffer, _SEH_FILTER(FreeAndGoOn)
Length, {
MajorFunction); IoFreeIrp(Irp);
return EXCEPTION_CONTINUE_SEARCH;
}
_SEH_TRY_FILTER(FreeAndGoOn)
{
Status = IoPrepareIrpBuffer(Irp,
DeviceObject,
Buffer,
Length,
MajorFunction);
}
_SEH_HANDLE
{
KEBUGCHECK(0);
}
_SEH_END;
if (!NT_SUCCESS(Status))
{
IoFreeIrp(Irp);
return NULL;
}
} }
if (MajorFunction == IRP_MJ_READ) if (MajorFunction == IRP_MJ_READ)
@ -296,7 +316,27 @@ IoBuildDeviceIoControlRequest(ULONG IoControlCode,
FALSE, FALSE,
FALSE, FALSE,
Irp); Irp);
MmProbeAndLockPages(Irp->MdlAddress,UserMode,IoReadAccess); if (Irp->MdlAddress == NULL)
{
IoFreeIrp(Irp);
return NULL;
}
_SEH_FILTER(FreeAndGoOn)
{
IoFreeIrp(Irp);
return EXCEPTION_CONTINUE_SEARCH;
}
_SEH_TRY_FILTER(FreeAndGoOn)
{
MmProbeAndLockPages(Irp->MdlAddress,UserMode,IoReadAccess);
}
_SEH_HANDLE
{
KEBUGCHECK(0);
}
_SEH_END;
} }
break; break;
@ -329,7 +369,26 @@ IoBuildDeviceIoControlRequest(ULONG IoControlCode,
FALSE, FALSE,
FALSE, FALSE,
Irp); Irp);
MmProbeAndLockPages(Irp->MdlAddress,UserMode,IoWriteAccess); if (Irp->MdlAddress == NULL)
{
IoFreeIrp(Irp);
return NULL;
}
_SEH_FILTER(FreeAndGoOn)
{
IoFreeIrp(Irp);
return EXCEPTION_CONTINUE_SEARCH;
}
_SEH_TRY_FILTER(FreeAndGoOn)
{
MmProbeAndLockPages(Irp->MdlAddress,UserMode,IoWriteAccess);
}
_SEH_HANDLE
{
KEBUGCHECK(0);
}
_SEH_END;
} }
break; break;
@ -352,12 +411,12 @@ IoBuildDeviceIoControlRequest(ULONG IoControlCode,
*/ */
PIRP STDCALL PIRP STDCALL
IoBuildSynchronousFsdRequest(ULONG MajorFunction, IoBuildSynchronousFsdRequest(ULONG MajorFunction,
PDEVICE_OBJECT DeviceObject, PDEVICE_OBJECT DeviceObject,
PVOID Buffer, PVOID Buffer,
ULONG Length, ULONG Length,
PLARGE_INTEGER StartingOffset, PLARGE_INTEGER StartingOffset,
PKEVENT Event, PKEVENT Event,
PIO_STATUS_BLOCK IoStatusBlock) PIO_STATUS_BLOCK IoStatusBlock)
/* /*
* FUNCTION: Allocates and builds an IRP to be sent synchronously to lower * FUNCTION: Allocates and builds an IRP to be sent synchronously to lower
* level driver(s) * level driver(s)
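Review bot: The `FreeAndGoOn` filter in the two `MmProbeAndLockPages` hunks of IoBuildDeviceIoControlRequest (and the one around `IoPrepareIrpBuffer` in IoBuildAsynchronousFsdRequest) returns `EXCEPTION_CONTINUE_SEARCH`, so a fault on the `UserMode` probe of a caller-supplied buffer still leaves the function as an exception instead of a NULL return, and the `_SEH_HANDLE` body with `KEBUGCHECK(0)` is never entered. Any caller without a frame of its own would turn a bad user buffer into a system crash, and the filter frees only the IRP: the MDL held in `Irp->MdlAddress` appears to be leaked, since `IoFreeIrp` presumably does not release it. Catching the exception in the handler block, recording its code, and releasing the MDL and the IRP after `_SEH_END` keeps the clean-up out of the filter and gives callers the NULL they already check for. The enclosing functions start and end outside these hunks, so any system buffer allocated earlier in them would need the same treatment.

```c
/* Status: an NTSTATUS local set to STATUS_SUCCESS, declared at the top of the enclosing block */
_SEH_TRY
{
    MmProbeAndLockPages(Irp->MdlAddress,UserMode,IoReadAccess);
}
_SEH_HANDLE
{
    /* Record the failure; clean-up happens after the frame is closed. */
    Status = _SEH_GetExceptionCode();
}
_SEH_END;
if (!NT_SUCCESS(Status))
{
    IoFreeMdl(Irp->MdlAddress);
    IoFreeIrp(Irp);
    return NULL;
}
/* … unchanged: closing brace of the buffer branch and break … */
```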