[ros-diffs] [fireball] 43371: - Implement pool corruption tests for testing pool overrun/underrun detectors. Tests invocation is commented out by default.

fireball at svn.reactos.org fireball at svn.reactos.org
Sun Oct 11 12:00:56 CEST 2009


Author: fireball
Date: Sun Oct 11 12:00:56 2009
New Revision: 43371

URL: http://svn.reactos.org/svn/reactos?rev=43371&view=rev
Log:
- Implement pool corruption tests for testing the pool overrun/underrun detectors. The test invocation is commented out by default.

Modified:
    trunk/rostests/drivers/kmtest/kmtest.rbuild
    trunk/rostests/drivers/kmtest/ntos_pools.c

Modified: trunk/rostests/drivers/kmtest/kmtest.rbuild
URL: http://svn.reactos.org/svn/reactos/trunk/rostests/drivers/kmtest/kmtest.rbuild?rev=43371&r1=43370&r2=43371&view=diff
==============================================================================
--- trunk/rostests/drivers/kmtest/kmtest.rbuild [iso-8859-1] (original)
+++ trunk/rostests/drivers/kmtest/kmtest.rbuild [iso-8859-1] Sun Oct 11 12:00:56 2009
@@ -3,6 +3,7 @@
 	<include base="ReactOS">include/reactos/drivers</include>
 	<library>ntoskrnl</library>
 	<library>hal</library>
+	<library>pseh</library>
 	<file>kmtest.c</file>
 	<file>deviface.c</file>
 	<file>deviface_test.c</file>

Modified: trunk/rostests/drivers/kmtest/ntos_pools.c
URL: http://svn.reactos.org/svn/reactos/trunk/rostests/drivers/kmtest/ntos_pools.c?rev=43371&r1=43370&r2=43371&view=diff
==============================================================================
--- trunk/rostests/drivers/kmtest/ntos_pools.c [iso-8859-1] (original)
+++ trunk/rostests/drivers/kmtest/ntos_pools.c [iso-8859-1] Sun Oct 11 12:00:56 2009
@@ -25,6 +25,8 @@
 #include <ddk/ntddk.h>
 #include <ntifs.h>
 #include <ndk/ntndk.h>
+/* SEH support with PSEH */
+#include <pseh/pseh2.h>
 #include "kmtest.h"
 
 //#define NDEBUG
@@ -125,10 +127,61 @@
     FinishTest("NTOSKRNL Pools Tests");
 }
 
+VOID
+PoolsCorruption()
+{
+    PULONG Ptr, TestPtr;
+    ULONG AllocSize;
+    NTSTATUS Status = STATUS_SUCCESS;
+
+    StartTest();
+
+    // start with non-paged pool
+    AllocSize = 4096 + 0x10;
+    Ptr = ExAllocatePoolWithTag(NonPagedPool, AllocSize, TAG_POOLTEST);
+
+    // touch all bytes, it shouldn't cause an exception
+    RtlZeroMemory(Ptr, AllocSize);
+
+    // test buffer overrun, right after our allocation ends
+    _SEH2_TRY
+    {
+        TestPtr = (PULONG)((PUCHAR)Ptr + AllocSize);
+        //Ptr[4] = 0xd33dbeef;
+        *TestPtr = 0xd33dbeef;
+    }
+    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+    {
+        /* Get the status */
+        Status = _SEH2_GetExceptionCode();
+    } _SEH2_END;
+
+    ok(Status == STATUS_ACCESS_VIOLATION, "Exception should occur, but got Status 0x%08lX\n", Status);
+
+    // test overrun in a distant byte range, but within 4096KB
+    _SEH2_TRY
+    {
+        Ptr[2020] = 0xdeadb33f;
+    }
+    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+    {
+        /* Get the status */
+        Status = _SEH2_GetExceptionCode();
+    } _SEH2_END;
+
+    ok(Status == STATUS_ACCESS_VIOLATION, "Exception should occur, but got Status 0x%08lX\n", Status);
+
+    // free the pool
+    ExFreePoolWithTag(Ptr, TAG_POOLTEST);
+
+    FinishTest("NTOSKRNL Pool Corruption");
+}
+
 /* PUBLIC FUNCTIONS ***********************************************************/
 
 VOID
 NtoskrnlPoolsTest()
 {
     PoolsTest();
+    //PoolsCorruption();
 }
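Review bot: The second `ok(Status == STATUS_ACCESS_VIOLATION, ...)` in PoolsCorruption can pass even if the `Ptr[2020]` write never faults, because `Status` still holds the code captured by the first handler; add `Status = STATUS_SUCCESS;` just before the second `_SEH2_TRY`. The pointer returned by `ExAllocatePoolWithTag` also goes to `RtlZeroMemory` unchecked, so a guard such as `if (Ptr == NULL) { ok(FALSE, "Allocation failed\n"); return; }` is needed before the buffer is touched. If the overrun detector is not active, neither write raises an exception and both land outside the allocation before `ExFreePoolWithTag` runs. A comment above the commented-out `PoolsCorruption()` call should say the test may only be enabled on a build where the detector is on.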



