[NTOSKRNL]

- Protect against invalid ThreadContext pointer in PspCreateThread. Spotted by Aleksander Andrejevic. CORE-7252 - Fix MSVC warning in HdlspDispatch svn path=/trunk/; revision=60401
2025-08-02 05:25:48 +00:00 · 2013-09-28 08:37:47 +00:00 · 2013-09-28 08:37:47 +00:00 · 5c5939994a
commit 5c5939994a
parent a86e82a7d4
2 changed files with 23 additions and 12 deletions
--- a/reactos/ntoskrnl/ex/hdlsterm.c
+++ b/reactos/ntoskrnl/ex/hdlsterm.c
@ -417,7 +417,7 @@ HdlspDispatch(IN HEADLESS_CMD Command,
            HeadlessInfo = OutputBuffer;
            HeadlessInfo->PortType = HeadlessSerialPort;
            HeadlessInfo->Serial.TerminalAttached = TRUE;
-            HeadlessInfo->Serial.UsedBiosSettings = HeadlessGlobals->UsedBiosSettings;
+            HeadlessInfo->Serial.UsedBiosSettings = HeadlessGlobals->UsedBiosSettings != 0;
            HeadlessInfo->Serial.TerminalBaudRate = HeadlessGlobals->TerminalBaudRate;
            HeadlessInfo->Serial.TerminalType = HeadlessGlobals->TerminalType;

--- a/reactos/ntoskrnl/ps/thread.c
+++ b/reactos/ntoskrnl/ps/thread.c
@ -317,19 +317,30 @@ PspCreateThread(OUT PHANDLE ThreadHandle,
            return Status;
        }

-        /* Set the Start Addresses */
-        Thread->StartAddress = (PVOID)KeGetContextPc(ThreadContext);
-        Thread->Win32StartAddress = (PVOID)KeGetContextReturnRegister(ThreadContext);
+        /* Set the Start Addresses from the untrusted ThreadContext */
+        _SEH2_TRY
+        {
+            Thread->StartAddress = (PVOID)KeGetContextPc(ThreadContext);
+            Thread->Win32StartAddress = (PVOID)KeGetContextReturnRegister(ThreadContext);
+        }
+        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+        {
+            Status = _SEH2_GetExceptionCode();
+        }
+        _SEH2_END;

        /* Let the kernel intialize the Thread */
-        Status = KeInitThread(&Thread->Tcb,
-                              NULL,
-                              PspUserThreadStartup,
-                              NULL,
-                              Thread->StartAddress,
-                              ThreadContext,
-                              TebBase,
-                              &Process->Pcb);
+        if (NT_SUCCESS(Status))
+        {
+            Status = KeInitThread(&Thread->Tcb,
+                                  NULL,
+                                  PspUserThreadStartup,
+                                  NULL,
+                                  Thread->StartAddress,
+                                  ThreadContext,
+                                  TebBase,
+                                  &Process->Pcb);
+        }
    }
    else
    {