Module: wine Branch: stable Commit: dcd7bf05c1bf13bdbb4ee211303219f87b05a649 URL: https://source.winehq.org/git/wine.git/?a=commit;h=dcd7bf05c1bf13bdbb4ee2113...
Author: Gijs Vermeulen gijsvrm@gmail.com Date: Mon Feb 18 15:22:52 2019 +0100
ntdll: Validate len in NtQueryVirtualMemory.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=45632 Signed-off-by: Gijs Vermeulen gijsvrm@gmail.com Signed-off-by: Alexandre Julliard julliard@winehq.org (cherry picked from commit d2d52717af2a64196d9bc983ba8b75e64c05c3f8) Signed-off-by: Michael Stefaniuc mstefani@winehq.org
---
dlls/ntdll/tests/info.c | 3 +++ dlls/ntdll/virtual.c | 3 +++ 2 files changed, 6 insertions(+)
diff --git a/dlls/ntdll/tests/info.c b/dlls/ntdll/tests/info.c
index 7690696..5f27d8b 100644
--- a/dlls/ntdll/tests/info.c
+++ b/dlls/ntdll/tests/info.c
@@ -2005,6 +2005,9 @@ static void test_queryvirtualmemory(void)
 /* check error code when addr is higher than working set limit */
 status = pNtQueryVirtualMemory(NtCurrentProcess(), (void *)~0, MemoryBasicInformation, &mbi, sizeof(mbi), &readcount);
 ok(status == STATUS_INVALID_PARAMETER, "Expected STATUS_INVALID_PARAMETER, got %08x\n", status);
+ /* check error code when len is less than MEMORY_BASIC_INFORMATION size */
+ status = pNtQueryVirtualMemory(NtCurrentProcess(), GetProcessHeap(), MemoryBasicInformation, &mbi, sizeof(MEMORY_BASIC_INFORMATION) - 1, &readcount);
+ ok(status == STATUS_INFO_LENGTH_MISMATCH, "Expected STATUS_INFO_LENGTH_MISMATCH, got %08x\n", status);
 }
static void test_affinity(void)
diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
index 030c658..da2dad1 100644
--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@@ -2820,6 +2820,9 @@ NTSTATUS WINAPI NtQueryVirtualMemory( HANDLE process, LPCVOID addr,
 }
 }
+ if (len < sizeof(MEMORY_BASIC_INFORMATION))
+ return STATUS_INFO_LENGTH_MISMATCH;
+
 if (process != NtCurrentProcess())
 {
 NTSTATUS status;
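Review bot: The new `len < sizeof(MEMORY_BASIC_INFORMATION)` guard in NtQueryVirtualMemory has no comment saying what it protects, and the hunk does not show it because any writes to the caller's buffer are further down in the function. I would add `/* the result is stored as a whole MEMORY_BASIC_INFORMATION; reject a shorter caller buffer before anything is written to it */` above the `if`, after confirming against the code below that the structure really is filled in full. No address validation appears ahead of the check in this hunk, so presumably a call with both a short `len` and the invalid address `(void *)~0` now returns STATUS_INFO_LENGTH_MISMATCH. The cases in dlls/ntdll/tests/info.c exercise each error only on its own, so one combined case there would pin that precedence against Windows. The function body starts and ends outside the hunk.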