From fca88bb94d4b953f2bd1c0152d704dbcb8b35b26 Mon Sep 17 00:00:00 2001
From: Timo Kreuzer <timo.kreuzer@reactos.org>
Date: Fri, 5 Apr 2024 23:17:37 +0300
Subject: [PATCH] [NTOS:MM] Add more checks for MEMORY_AREA_OWNED_BY_ARM3

---
 ntoskrnl/cache/section/data.c | 2 +-
 ntoskrnl/mm/ARM3/virtual.c    | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/ntoskrnl/cache/section/data.c b/ntoskrnl/cache/section/data.c
index b9afadb1fdf..f49bc2a7d7f 100644
--- a/ntoskrnl/cache/section/data.c
+++ b/ntoskrnl/cache/section/data.c
@@ -720,7 +720,7 @@ MmUnmapViewOfCacheSegment(PMMSUPPORT AddressSpace,
     PMM_SECTION_SEGMENT Segment;
 
     MemoryArea = MmLocateMemoryAreaByAddress(AddressSpace, BaseAddress);
-    if (MemoryArea == NULL || MemoryArea->DeleteInProgress)
+    if (MemoryArea == NULL || MemoryArea->Type == MEMORY_AREA_OWNED_BY_ARM3 || MemoryArea->DeleteInProgress)
     {
         ASSERT(MemoryArea);
         return STATUS_UNSUCCESSFUL;
diff --git a/ntoskrnl/mm/ARM3/virtual.c b/ntoskrnl/mm/ARM3/virtual.c
index cb38b4a1502..fde9899eae0 100644
--- a/ntoskrnl/mm/ARM3/virtual.c
+++ b/ntoskrnl/mm/ARM3/virtual.c
@@ -1902,10 +1902,9 @@ MiQueryMemoryBasicInformation(IN HANDLE ProcessHandle,
 
     /* Find the memory area the specified address belongs to */
     MemoryArea = MmLocateMemoryAreaByAddress(&TargetProcess->Vm, BaseAddress);
-    ASSERT(MemoryArea != NULL);
 
     /* Determine information dependent on the memory area type */
-    if (MemoryArea->Type == MEMORY_AREA_SECTION_VIEW)
+    if (MemoryArea && MemoryArea->Type == MEMORY_AREA_SECTION_VIEW)
     {
         Status = MmQuerySectionView(MemoryArea, BaseAddress, &MemoryInfo, &ResultLength);
         if (!NT_SUCCESS(Status))
@@ -4914,8 +4913,7 @@ NtAllocateVirtualMemory(IN HANDLE ProcessHandle,
     // Make sure this is an ARM3 section
     //
     MemoryArea = MmLocateMemoryAreaByAddress(AddressSpace, (PVOID)PAGE_ROUND_DOWN(PBaseAddress));
-    ASSERT(MemoryArea != NULL);
-    if (MemoryArea->Type != MEMORY_AREA_OWNED_BY_ARM3)
+    if (MemoryArea && MemoryArea->Type != MEMORY_AREA_OWNED_BY_ARM3)
     {
         DPRINT1("Illegal commit of non-ARM3 section!\n");
         Status = STATUS_ALREADY_COMMITTED;