Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-06-28 08:51:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

[NTOS:MM] Properly fail for invalid sizes of data section mappings

Browse source
This commit is contained in:
Jérôme Gardou 2021-02-08 14:33:08 +01:00 committed by Jérôme Gardou
parent 4c731adc04
commit 998870c5ea
1 changed files with 10 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
ntoskrnl/mm/ARM3/section.c
View file

@ -1326,25 +1326,26 @@ MiMapViewOfDataSection(IN PCONTROL_AREA ControlArea,
/* Check if the caller specified the view size */
if (!(*ViewSize))
{
LONGLONG ViewSizeLL;
/* The caller did not, so pick a 64K aligned view size based on the offset */
SectionOffset->LowPart &= ~(_64K - 1);
/* Make sure that we will not overflow */
if ((Section->SizeOfSection.QuadPart - SectionOffset->QuadPart) > MAXLONG_PTR)
/* Calculate size and make sure this fits */
if (!NT_SUCCESS(RtlLongLongSub(Section->SizeOfSection.QuadPart, SectionOffset->QuadPart, &ViewSizeLL))
|| !NT_SUCCESS(RtlLongLongToSIZET(ViewSizeLL, ViewSize))
|| (*ViewSize > MAXLONG_PTR))
{
MiDereferenceControlArea(ControlArea);
return STATUS_INVALID_VIEW_SIZE;
}
*ViewSize = (SIZE_T)(Section->SizeOfSection.QuadPart - SectionOffset->QuadPart);
}
else
{
/* A size was specified, align it to a 64K boundary */
*ViewSize += SectionOffset->LowPart & (_64K - 1);
/* Check for overflow or huge value */
if ((*ViewSize < (SectionOffset->LowPart & (_64K - 1))) || ((*ViewSize) > MAXLONG_PTR))
/* A size was specified, align it to a 64K boundary
* and check for overflow or huge value. */
if (!NT_SUCCESS(RtlSIZETAdd(*ViewSize, SectionOffset->LowPart & (_64K - 1), ViewSize))
|| (*ViewSize > MAXLONG_PTR))
{
MiDereferenceControlArea(ControlArea);
return STATUS_INVALID_VIEW_SIZE;