[NTVDM]

Avoid array indexing with invalid indexes, always. svn path=/trunk/; revision=67347
2024-07-02 02:34:53 +00:00 · 2015-04-22 12:13:14 +00:00 · 2015-04-22 12:13:14 +00:00 · ffb82658c9
parent f1c1d10824
commit ffb82658c9
2 changed files with 19 additions and 9 deletions
--- a/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/emsdrv.c
+++ b/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/emsdrv.c
@ -35,12 +35,18 @@ static PVOID EmsMemory = NULL;

 /* PRIVATE FUNCTIONS **********************************************************/

+static PEMS_HANDLE GetHandleRecord(USHORT Handle)
+{
+    if (Handle >= EMS_MAX_HANDLES) return NULL;
+    return &HandleTable[Handle];
+}
+
 static USHORT EmsFree(USHORT Handle)
 {
    PLIST_ENTRY Entry;
-    PEMS_HANDLE HandleEntry = &HandleTable[Handle];
+    PEMS_HANDLE HandleEntry = GetHandleRecord(Handle);

-    if (Handle >= EMS_MAX_HANDLES || !HandleEntry->Allocated)
+    if (HandleEntry == NULL || !HandleEntry->Allocated)
    {
        return EMS_STATUS_INVALID_HANDLE;
    }
@ -131,7 +137,7 @@ static PEMS_PAGE GetLogicalPage(PEMS_HANDLE Handle, USHORT LogicalPage)
 static USHORT EmsMap(USHORT Handle, UCHAR PhysicalPage, USHORT LogicalPage)
 {
    PEMS_PAGE PageEntry;
-    PEMS_HANDLE HandleEntry = &HandleTable[Handle];
+    PEMS_HANDLE HandleEntry = GetHandleRecord(Handle);

    if (PhysicalPage >= EMS_PHYSICAL_PAGES) return EMS_STATUS_INV_PHYSICAL_PAGE;
    if (LogicalPage == 0xFFFF)
@ -141,7 +147,10 @@ static USHORT EmsMap(USHORT Handle, UCHAR PhysicalPage, USHORT LogicalPage)
        return EMS_STATUS_OK;
    }

-    if (Handle >= EMS_MAX_HANDLES || !HandleEntry->Allocated) return EMS_STATUS_INVALID_HANDLE;
+    if (HandleEntry == NULL || !HandleEntry->Allocated)
+    {
+        return EMS_STATUS_INVALID_HANDLE;
+    }

    PageEntry = GetLogicalPage(HandleEntry, LogicalPage);
    if (!PageEntry) return EMS_STATUS_INV_LOGICAL_PAGE; 
@ -224,9 +233,9 @@ static VOID WINAPI EmsIntHandler(LPWORD Stack)
            if (Data->SourceType)
            {
                /* Expanded memory */
-                HandleEntry = &HandleTable[Data->SourceHandle];
+                HandleEntry = GetHandleRecord(Data->SourceHandle);

-                if (Data->SourceHandle >= EMS_MAX_HANDLES || !HandleEntry->Allocated)
+                if (HandleEntry == NULL || !HandleEntry->Allocated)
                {
                    setAL(EMS_STATUS_INVALID_HANDLE);
                    break;
@ -253,9 +262,9 @@ static VOID WINAPI EmsIntHandler(LPWORD Stack)
            if (Data->DestType)
            {
                /* Expanded memory */
-                HandleEntry = &HandleTable[Data->DestHandle];
+                HandleEntry = GetHandleRecord(Data->DestHandle);

-                if (Data->SourceHandle >= EMS_MAX_HANDLES || !HandleEntry->Allocated)
+                if (HandleEntry == NULL || !HandleEntry->Allocated)
                {
                    setAL(EMS_STATUS_INVALID_HANDLE);
                    break;
--- a/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/himem.c
+++ b/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/himem.c
@ -46,9 +46,10 @@ static ULONG BitmapBuffer[(XMS_BLOCKS + 31) / 32];

 static inline PXMS_HANDLE GetHandleRecord(WORD Handle)
 {
-    PXMS_HANDLE Entry = &HandleTable[Handle - 1];
+    PXMS_HANDLE Entry;
    if (Handle == 0 || Handle >= XMS_MAX_HANDLES) return NULL;

+    Entry = &HandleTable[Handle - 1];
    return Entry->Size ? Entry : NULL;
 }