Module: wine Branch: master Commit: c2bff6b65f9a6861af3e631f54be192a0cacae3e URL: https://gitlab.winehq.org/wine/wine/-/commit/c2bff6b65f9a6861af3e631f54be192...
Author: Rémi Bernon rbernon@codeweavers.com Date: Thu Dec 1 19:09:50 2022 +0100
ntdll: Keep subheap parent heap pointer and check for mismatches.
---
dlls/ntdll/heap.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/dlls/ntdll/heap.c b/dlls/ntdll/heap.c
index 3eb29257d3b..aafbbd0f523 100644
--- a/dlls/ntdll/heap.c
+++ b/dlls/ntdll/heap.c
@@ -949,6 +949,7 @@ static SUBHEAP *create_subheap( struct heap *heap, DWORD flags, SIZE_T total_siz
if (!(subheap = allocate_region( heap, flags, &total_size, &commit_size ))) return NULL;
+ subheap->user_value = heap;
subheap_set_bounds( subheap, (char *)subheap + commit_size, (char *)subheap + total_size );
block_size = (SIZE_T)ROUND_ADDR( subheap_size( subheap ) - subheap_overhead( subheap ), BLOCK_ALIGN - 1 );
block_init_free( first_block( subheap ), flags, subheap, block_size );
@@ -1195,7 +1196,8 @@ static inline struct block *unsafe_block_from_ptr( struct heap *heap, ULONG flag
else if (block_get_type( block ) == BLOCK_TYPE_USED)
{
const char *base = subheap_base( subheap ), *commit_end = subheap_commit_end( subheap );
- if (!contains( base, commit_end - base, block, block_get_size( block ) )) err = "invalid block size";
+ if (subheap->user_value != heap) err = "mismatching heap";
+ else if (!contains( base, commit_end - base, block, block_get_size( block ) )) err = "invalid block size";
}
else if (block_get_type( block ) == BLOCK_TYPE_LARGE)
{
@@ -1374,6 +1376,7 @@ HANDLE WINAPI RtlCreateHeap( ULONG flags, void *addr, SIZE_T total_size, SIZE_T
}
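Review bot: The `user_value` field of SUBHEAP is being repurposed to hold the owning heap, and nothing at the assignment says so; the identical assignment appears again in the RtlCreateHeap hunk below, so the invariant now lives in two places with no comment in either. A one-line comment at the assignment, `/* owning heap; unsafe_block_from_ptr rejects blocks whose subheap belongs to another heap */`, or better at the field's declaration (outside this diff), would make that visible, and if the field is not otherwise used, a name such as `heap` would read more clearly than `user_value`. I cannot see from the diff whether create_subheap and RtlCreateHeap are the only places a SUBHEAP is initialised; any other path that sets up a subheap without this assignment would make the new check report a false "mismatching heap". create_subheap's body continues outside the hunk.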
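Review bot: The new `mismatching heap` check is added only inside the `BLOCK_TYPE_USED` branch; the `BLOCK_TYPE_LARGE` branch that follows in the same hunk gets no equivalent ownership check, so whether a large block handed to the wrong heap is reported depends on code outside the hunk that I cannot see. The ordering also deserves a comment, since the ownership test is deliberately placed before the bounds test so that the more specific diagnostic wins: `/* check ownership first so a foreign block is reported as such, not as a bad size */`. How `subheap` is derived is not visible either, as unsafe_block_from_ptr begins and ends outside the hunk; if it comes from the block header rather than from this heap's own subheap list, it is worth stating in the same comment that `subheap->user_value` is read from a not-yet-validated subheap, as the pre-existing `subheap_base`/`subheap_commit_end` calls already are.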
subheap = &heap->subheap;
+ subheap->user_value = heap;
subheap_set_bounds( subheap, (char *)heap + commit_size, (char *)heap + total_size );
block_size = (SIZE_T)ROUND_ADDR( subheap_size( subheap ) - subheap_overhead( subheap ), BLOCK_ALIGN - 1 );
block_init_free( first_block( subheap ), flags, subheap, block_size );