[ros-diffs] [weiden] 13167: don't touch memory outside the area to be probed in ProbeForWrite() and minor address range check fixes in ProbeForRead/Write()

weiden at svn.reactos.com weiden at svn.reactos.com
Thu Jan 20 22:03:37 CET 2005


don't touch memory outside the area to be probed in ProbeForWrite() and
minor address range check fixes in ProbeForRead/Write()
Modified: trunk/reactos/ntoskrnl/mm/virtual.c
  _____  

Modified: trunk/reactos/ntoskrnl/mm/virtual.c
--- trunk/reactos/ntoskrnl/mm/virtual.c	2005-01-20 13:31:49 UTC (rev
13166)
+++ trunk/reactos/ntoskrnl/mm/virtual.c	2005-01-20 21:03:35 UTC (rev
13167)
@@ -795,7 +795,7 @@

               IN ULONG Length,
               IN ULONG Alignment)
 {
-   ASSERT(Alignment ==1 || Alignment == 2 || Alignment == 4 ||
Alignment == 8);
+   ASSERT(Alignment == 1 || Alignment == 2 || Alignment == 4 ||
Alignment == 8);
 
    if (Length == 0)
       return;
@@ -804,8 +804,8 @@
    {
       ExRaiseStatus (STATUS_DATATYPE_MISALIGNMENT);
    }
-   else if ((ULONG_PTR)Address + Length < (ULONG_PTR)Address ||
-            (ULONG_PTR)Address + Length >
(ULONG_PTR)MmUserProbeAddress)
+   else if ((ULONG_PTR)Address + Length - 1 < (ULONG_PTR)Address ||
+            (ULONG_PTR)Address + Length - 1 >
(ULONG_PTR)MmUserProbeAddress)
    {
       ExRaiseStatus (STATUS_ACCESS_VIOLATION);
    }
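Review bot: The upper-bound test on the new side, `(ULONG_PTR)Address + Length - 1 > (ULONG_PTR)MmUserProbeAddress`, accepts a range whose last byte lies exactly at MmUserProbeAddress, which the old `Address + Length > MmUserProbeAddress` form rejected. Whether that is correct depends on whether MmUserProbeAddress is the highest valid user-mode address or the first address past user space, and its definition is not visible in this diff. If it is the first invalid address, the comparison needs to be `>=`, otherwise a caller can get one byte beyond the user range past the probe. The same comparison is repeated in the last hunk as `(ULONG_PTR)Last > (ULONG_PTR)MmUserProbeAddress`. The function (presumably ProbeForRead) starts outside this hunk.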
@@ -820,10 +820,10 @@
                IN ULONG Length,
                IN ULONG Alignment)
 {
-   volatile PCHAR Ptr;
-   ULONG i;
+   volatile CHAR *Current;
+   PCHAR Last;
 
-   ASSERT(Alignment ==1 || Alignment == 2 || Alignment == 4 ||
Alignment == 8);
+   ASSERT(Alignment == 1 || Alignment == 2 || Alignment == 4 ||
Alignment == 8);
 
    if (Length == 0)
       return;
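Review bot: The declaration `volatile CHAR *Current;` has no comment saying why the pointee is volatile, and that reason is easy to lose in a later cleanup. The old `volatile PCHAR Ptr` qualified the pointer rather than the byte it points at, so (assuming PCHAR is a plain `CHAR *` typedef) the probing self-assignment was not itself a volatile access. I would add `/* pointee is volatile so the probe read/write cannot be optimised away */` above the declaration. The function body continues outside this hunk.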
@@ -832,18 +832,21 @@
    {
       ExRaiseStatus (STATUS_DATATYPE_MISALIGNMENT);
    }
-   else if ((ULONG_PTR)Address + Length < (ULONG_PTR)Address ||
-            (ULONG_PTR)Address + Length >
(ULONG_PTR)MmUserProbeAddress)
+
+   Last = (PCHAR)((ULONG_PTR)Address + Length - 1);
+   if ((ULONG_PTR)Last < (ULONG_PTR)Address ||
+       (ULONG_PTR)Last > (ULONG_PTR)MmUserProbeAddress)
    {
       ExRaiseStatus (STATUS_ACCESS_VIOLATION);
    }
 
    /* Check for accessible pages */
-   for (i = 0; i < Length; i += PAGE_SIZE)
+   Current = (CHAR*)Address;
+   do
    {
-      Ptr = (PCHAR)(((ULONG_PTR)Address & ~(PAGE_SIZE - 1)) + i);
-      *Ptr = *Ptr;
-   }
+     *Current = *Current;
+     Current = (CHAR*)((ULONG_PTR)Current + PAGE_SIZE);
+   } while (Current <= Last);
 }
 
 /* EOF */
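Review bot: The rewritten loop can leave the final page of the range unprobed when Address is not page-aligned. Current starts at the unaligned Address and advances by a whole PAGE_SIZE, so if the last byte sits at a smaller in-page offset than Address does, Current steps past Last before the page holding Last is touched. A buffer that straddles a page boundary could then pass the probe with its tail in a page that is not writable. Rounding down before advancing fixes this while still touching only bytes inside the range: `Current = (CHAR*)(((ULONG_PTR)Current & ~(PAGE_SIZE - 1)) + PAGE_SIZE);`. The function (presumably ProbeForWrite) starts outside this hunk.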