diff --git a/rostests/drivers/kmtest/kmtest.rbuild b/rostests/drivers/kmtest/kmtest.rbuild
index c1e34ff433c..e45f8a6baea 100644
--- a/rostests/drivers/kmtest/kmtest.rbuild
+++ b/rostests/drivers/kmtest/kmtest.rbuild
@@ -3,6 +3,7 @@
include/reactos/drivers
ntoskrnl
hal
+ pseh
kmtest.c
deviface.c
deviface_test.c
diff --git a/rostests/drivers/kmtest/ntos_pools.c b/rostests/drivers/kmtest/ntos_pools.c
index dd4273b306f..816d7c325f3 100644
--- a/rostests/drivers/kmtest/ntos_pools.c
+++ b/rostests/drivers/kmtest/ntos_pools.c
@@ -25,6 +25,8 @@
#include
#include
#include
+/* SEH support with PSEH */
+#include
#include "kmtest.h"
//#define NDEBUG
@@ -125,10 +127,61 @@ PoolsTest()
FinishTest("NTOSKRNL Pools Tests");
}
+VOID
+PoolsCorruption()
+{
+ PULONG Ptr, TestPtr;
+ ULONG AllocSize;
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ StartTest();
+
+ // start with non-paged pool
+ AllocSize = 4096 + 0x10;
+ Ptr = ExAllocatePoolWithTag(NonPagedPool, AllocSize, TAG_POOLTEST);
+
+ // touch all bytes, it shouldn't cause an exception
+ RtlZeroMemory(Ptr, AllocSize);
+
+ // test buffer overrun, right after our allocation ends
+ _SEH2_TRY
+ {
+ TestPtr = (PULONG)((PUCHAR)Ptr + AllocSize);
+ //Ptr[4] = 0xd33dbeef;
+ *TestPtr = 0xd33dbeef;
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ /* Get the status */
+ Status = _SEH2_GetExceptionCode();
+ } _SEH2_END;
+
+ ok(Status == STATUS_ACCESS_VIOLATION, "Exception should occur, but got Status 0x%08lX\n", Status);
+
+ // test overrun in a distant byte range, but within 4096KB
+ _SEH2_TRY
+ {
+ Ptr[2020] = 0xdeadb33f;
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ /* Get the status */
+ Status = _SEH2_GetExceptionCode();
+ } _SEH2_END;
+
+ ok(Status == STATUS_ACCESS_VIOLATION, "Exception should occur, but got Status 0x%08lX\n", Status);
+
+ // free the pool
+ ExFreePoolWithTag(Ptr, TAG_POOLTEST);
+
+ FinishTest("NTOSKRNL Pool Corruption");
+}
+
/* PUBLIC FUNCTIONS ***********************************************************/
VOID
NtoskrnlPoolsTest()
{
PoolsTest();
+ //PoolsCorruption();
}