Module: wine Branch: master Commit: 858a7efdd40e21895bd6b0e6f2954563fc729039 URL: http://source.winehq.org/git/wine.git/?a=commit;h=858a7efdd40e21895bd6b0e6f2...
Author: Alexandre Julliard julliard@winehq.org Date: Wed Jan 14 20:36:27 2009 +0100
ntdll: Check buffer for access in NtRead/WriteVirtualMemory.
This also triggers page faults needed for DIB section access and write watches.
---
dlls/ntdll/virtual.c | 40 ++++++++++++++++++++++++++++------------ 1 files changed, 28 insertions(+), 12 deletions(-)
diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
index 74e72fd..16e1e50 100644
--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@@ -2615,14 +2615,22 @@ NTSTATUS WINAPI NtReadVirtualMemory( HANDLE process, const void *addr, void *buf
 {
 NTSTATUS status;
- SERVER_START_REQ( read_process_memory )
+ if (virtual_check_buffer_for_write( buffer, size ))
 {
- req->handle = wine_server_obj_handle( process );
- req->addr = wine_server_client_ptr( addr );
- wine_server_set_reply( req, buffer, size );
- if ((status = wine_server_call( req ))) size = 0;
+ SERVER_START_REQ( read_process_memory )
+ {
+ req->handle = wine_server_obj_handle( process );
+ req->addr = wine_server_client_ptr( addr );
+ wine_server_set_reply( req, buffer, size );
+ if ((status = wine_server_call( req ))) size = 0;
+ }
+ SERVER_END_REQ;
+ }
+ else
+ {
+ status = STATUS_ACCESS_VIOLATION;
+ size = 0;
 }
- SERVER_END_REQ;
 if (bytes_read) *bytes_read = size;
 return status;
 }
@@ -2637,14 +2645,22 @@ NTSTATUS WINAPI NtWriteVirtualMemory( HANDLE process, void *addr, const void *bu
 {
 NTSTATUS status;
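Review bot: The new `if (virtual_check_buffer_for_write( buffer, size ))` in NtReadVirtualMemory carries no comment saying that it is called for its side effect as well as its result; per the commit message it also triggers the page faults needed for DIB sections and write watches before the server reply is copied into `buffer`. A comment above the `if` would keep a later cleanup from dropping it as redundant validation, e.g. `/* also faults in the pages (DIB sections, write watches) before the reply is copied */`. The check and the copy are separate steps, so the pages can presumably still change protection from another thread in between; if the reply path cannot tolerate that, the comment should say so. The same applies to `virtual_check_buffer_for_read` in the NtWriteVirtualMemory hunk. The function's signature lies outside the hunk (truncated in the `@@` header).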
- SERVER_START_REQ( write_process_memory )
+ if (virtual_check_buffer_for_read( buffer, size ))
 {
- req->handle = wine_server_obj_handle( process );
- req->addr = wine_server_client_ptr( addr );
- wine_server_add_data( req, buffer, size );
- if ((status = wine_server_call( req ))) size = 0;
+ SERVER_START_REQ( write_process_memory )
+ {
+ req->handle = wine_server_obj_handle( process );
+ req->addr = wine_server_client_ptr( addr );
+ wine_server_add_data( req, buffer, size );
+ if ((status = wine_server_call( req ))) size = 0;
+ }
+ SERVER_END_REQ;
+ }
+ else
+ {
+ status = STATUS_PARTIAL_COPY;
+ size = 0;
 }
- SERVER_END_REQ;
 if (bytes_written) *bytes_written = size;
 return status;
 }
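Review bot: The new `else` branch in NtWriteVirtualMemory returns `STATUS_PARTIAL_COPY` for an unreadable local buffer, while the matching branch in NtReadVirtualMemory returns `STATUS_ACCESS_VIOLATION`, and neither says why. If the difference is deliberate (presumably to match native behaviour), a one-line comment on the assignment such as `/* unreadable source buffer is reported as a partial copy, not an access violation */` would stop someone from "fixing" the asymmetry. If the server path can also yield `STATUS_PARTIAL_COPY` (not visible here), a caller cannot tell from this status whether the local source or the remote destination was at fault. The function's signature lies outside the hunk.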