Module: wine Branch: master Commit: ebb7d316f89f290f56d0f58a5a03951167c3cbc7 URL: https://gitlab.winehq.org/wine/wine/-/commit/ebb7d316f89f290f56d0f58a5a03951...
Author: Brendan Shanks bshanks@codeweavers.com Date: Mon Jul 25 12:20:18 2022 -0700
wow64: Return error from NtQueryVirtualMemory(MemoryBasicInformation) for a too-large address.
---
dlls/wow64/syscall.c | 2 ++ dlls/wow64/virtual.c | 7 +++++-- dlls/wow64/wow64_private.h | 1 + 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/dlls/wow64/syscall.c b/dlls/wow64/syscall.c
index 80c4bf73d8b..bc6d46258ed 100644
--- a/dlls/wow64/syscall.c
+++ b/dlls/wow64/syscall.c
@@ -36,6 +36,7 @@ WINE_DEFAULT_DEBUG_CHANNEL(wow);
 USHORT native_machine = 0;
 USHORT current_machine = 0;
 ULONG_PTR args_alignment = 0;
+ULONG_PTR highest_user_address = 0x7ffeffff;
 ULONG_PTR default_zero_bits = 0x7fffffff;
typedef NTSTATUS (WINAPI *syscall_thunk)( UINT *args );
@@ -573,6 +574,7 @@ static DWORD WINAPI process_init( RTL_RUN_ONCE *once, void *param, void **contex
 if (!current_machine) current_machine = native_machine;
 args_alignment = (current_machine == IMAGE_FILE_MACHINE_I386) ? sizeof(ULONG) : sizeof(ULONG64);
 NtQuerySystemInformation( SystemEmulationBasicInformation, &info, sizeof(info), NULL );
+ highest_user_address = (ULONG_PTR)info.HighestUserAddress;
 default_zero_bits = (ULONG_PTR)info.HighestUserAddress | 0x7fffffff;
#define GET_PTR(name) p ## name = RtlFindExportedRoutineByName( module, #name )
diff --git a/dlls/wow64/virtual.c b/dlls/wow64/virtual.c
index 8b69432829d..8b7d022301f 100644
--- a/dlls/wow64/virtual.c
+++ b/dlls/wow64/virtual.c
@@ -381,7 +381,11 @@ NTSTATUS WINAPI wow64_NtQueryVirtualMemory( UINT *args )
 switch (class)
 {
 case MemoryBasicInformation: /* MEMORY_BASIC_INFORMATION */
- if (len >= sizeof(MEMORY_BASIC_INFORMATION32))
+ if (len < sizeof(MEMORY_BASIC_INFORMATION32))
+ status = STATUS_INFO_LENGTH_MISMATCH;
+ else if ((ULONG_PTR)addr > highest_user_address)
+ status = STATUS_INVALID_PARAMETER;
+ else
 {
 MEMORY_BASIC_INFORMATION info;
 MEMORY_BASIC_INFORMATION32 *info32 = ptr;
@@ -397,7 +401,6 @@ NTSTATUS WINAPI wow64_NtQueryVirtualMemory( UINT *args )
 info32->Type = info.Type;
 }
 }
- else status = STATUS_INFO_LENGTH_MISMATCH;
 res_len = sizeof(MEMORY_BASIC_INFORMATION32);
 break;
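Review bot: In dlls/wow64/syscall.c, process_init() discards the NTSTATUS of `NtQuerySystemInformation( SystemEmulationBasicInformation, ... )`, and the added line then copies `info.HighestUserAddress` into `highest_user_address` unconditionally. That global now decides which addresses wow64_NtQueryVirtualMemory rejects, so if the query fails and `info` was not zeroed (its declaration is outside the hunk), the compiled-in default `0x7ffeffff` from the first hunk is replaced by an indeterminate limit. Guarding the assignment keeps the default on failure: `if (!NtQuerySystemInformation( SystemEmulationBasicInformation, &info, sizeof(info), NULL )) highest_user_address = (ULONG_PTR)info.HighestUserAddress;`. The existing `default_zero_bits` line has the same exposure; process_init's body starts and ends outside the hunk.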
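Review bot: In dlls/wow64/virtual.c, the new `(ULONG_PTR)addr > highest_user_address` test in the MemoryBasicInformation case has no comment saying why the thunk must reject the address itself rather than forward it. Suggest adding above the `else if`: `/* the 64-bit call presumably accepts addresses above the 32-bit user limit; reject them here so nothing is narrowed into MEMORY_BASIC_INFORMATION32 */`, with the wording confirmed by the author. The guard covers only this information class; the other cases of the switch are outside the hunk, so it is worth checking whether they need the same bound. The field copies into `info32` sit between the two hunks and are not visible, so it cannot be confirmed from here that a region starting below the limit always yields values that fit in 32 bits.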
diff --git a/dlls/wow64/wow64_private.h b/dlls/wow64/wow64_private.h
index c089a6ec4aa..f2c405bb2c6 100644
--- a/dlls/wow64/wow64_private.h
+++ b/dlls/wow64/wow64_private.h
@@ -39,6 +39,7 @@ extern BOOL get_file_redirect( OBJECT_ATTRIBUTES *attr ) DECLSPEC_HIDDEN;
 extern USHORT native_machine DECLSPEC_HIDDEN;
 extern USHORT current_machine DECLSPEC_HIDDEN;
 extern ULONG_PTR args_alignment DECLSPEC_HIDDEN;
+extern ULONG_PTR highest_user_address DECLSPEC_HIDDEN;
 extern ULONG_PTR default_zero_bits DECLSPEC_HIDDEN;
 extern SYSTEM_DLL_INIT_BLOCK *pLdrSystemDllInitBlock DECLSPEC_HIDDEN;