From f979d1b23756f2f74b62306a9a44f3231e759f61 Mon Sep 17 00:00:00 2001
From: Hartmut Birr <osexpert@googlemail.com>
Date: Sun, 2 Feb 2003 08:55:51 +0000
Subject: [PATCH] Check the length of the gap if this starts at the begin or
 end of the area in MmFindGap.

svn path=/trunk/; revision=4099
---
 reactos/ntoskrnl/mm/marea.c | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/reactos/ntoskrnl/mm/marea.c b/reactos/ntoskrnl/mm/marea.c
index dfb5dd55522..d6dfe50cf4a 100644
--- a/reactos/ntoskrnl/mm/marea.c
+++ b/reactos/ntoskrnl/mm/marea.c
@@ -212,6 +212,7 @@ PVOID MmFindGap(PMADDRESS_SPACE AddressSpace, ULONG Length)
    MEMORY_AREA* current;
    MEMORY_AREA* next;
    ULONG Gap;
+   PVOID Address;
    
    DPRINT("MmFindGap(Length %x)\n",Length);
    
@@ -232,11 +233,29 @@ PVOID MmFindGap(PMADDRESS_SPACE AddressSpace, ULONG Length)
    
    if (current_entry == ListHead)
      {
-	return((PVOID)AddressSpace->LowestAddress);
+	Address = (PVOID)AddressSpace->LowestAddress;
      }
-   
-   current = CONTAINING_RECORD(current_entry,MEMORY_AREA,Entry);
-   return(current->BaseAddress + PAGE_ROUND_UP(current->Length));
+   else
+     {
+        current = CONTAINING_RECORD(current_entry,MEMORY_AREA,Entry);
+        Address = current->BaseAddress + PAGE_ROUND_UP(current->Length);
+     }
+   /* Check if enough space for the block */
+   if (AddressSpace->LowestAddress < KERNEL_BASE)
+     {
+        if ((ULONG)Address >= KERNEL_BASE || Length > KERNEL_BASE - (ULONG)Address)
+	  {
+	     return NULL;
+	  }
+     }
+   else
+     {
+        if (Length >= 0xFFFFFFFF - (ULONG)Address)
+          {
+	     return NULL;
+	  }
+     }
+   return Address;
 }
 
 NTSTATUS MmInitMemoryAreas(VOID)