From 852517d18c4ae1bec4aac28c9a65ce544ee45dcf Mon Sep 17 00:00:00 2001
From: Thomas Faber <thomas.faber@reactos.org>
Date: Mon, 28 Jan 2013 18:58:55 +0000
Subject: [PATCH] [NTOSKRNL:MM] - Validate virtual address range on pool free
 CORE-6929 CORE-6712 #resolve

svn path=/trunk/; revision=58247
---
 reactos/ntoskrnl/mm/ARM3/pool.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/reactos/ntoskrnl/mm/ARM3/pool.c b/reactos/ntoskrnl/mm/ARM3/pool.c
index 728949d7515..e8ade80eb16 100644
--- a/reactos/ntoskrnl/mm/ARM3/pool.c
+++ b/reactos/ntoskrnl/mm/ARM3/pool.c
@@ -408,8 +408,11 @@ MmDeterminePoolType(IN PVOID PoolAddress)
     //
     // Use a simple bounds check
     //
-    return (PoolAddress >= MmPagedPoolStart) && (PoolAddress <= MmPagedPoolEnd) ?
-            PagedPool : NonPagedPool;
+    if (PoolAddress >= MmPagedPoolStart && PoolAddress <= MmPagedPoolEnd)
+        return PagedPool;
+    else if (PoolAddress >= MmNonPagedPoolStart && PoolAddress <= MmNonPagedPoolEnd)
+        return NonPagedPool;
+    KeBugCheckEx(BAD_POOL_CALLER, 0x42, (ULONG_PTR)PoolAddress, 0, 0);
 }
 
 PVOID