[ros-diffs] [fireball] 34630: Yuriy Sidorov <jura at cp-lab.com> - Invalid parameter error is returned if the requested memory area is located above the USER_SHARED_DATA address (0x7FFE0000) (WinXP compatible). - Access violation error is returned if an existing memory area is found at the requested address and this area has an uninitialized region list. See issue #3467 for more details.

fireball at svn.reactos.org
Mon Jul 21 11:40:13 CEST 2008


Author: fireball
Date: Mon Jul 21 04:40:12 2008
New Revision: 34630

URL: http://svn.reactos.org/svn/reactos?rev=34630&view=rev
Log:
Yuriy Sidorov <jura at cp-lab.com>
- Invalid parameter error is returned if the requested memory area is located above the USER_SHARED_DATA address (0x7FFE0000) (WinXP compatible).
- Access violation error is returned if an existing memory area is found at the requested address and this area has an uninitialized region list.
See issue #3467 for more details.

Modified:
    trunk/reactos/ntoskrnl/mm/anonmem.c

Modified: trunk/reactos/ntoskrnl/mm/anonmem.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/anonmem.c?rev=34630&r1=34629&r2=34630&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/mm/anonmem.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/anonmem.c [iso-8859-1] Mon Jul 21 04:40:12 2008
@@ -656,7 +656,7 @@
     * Yes, MmCreateMemoryArea does similar checks, but they don't return
     * the right status codes that a caller of this routine would expect.
     */
-   if (BaseAddress >= MM_HIGHEST_USER_ADDRESS)
+   if ((ULONG_PTR)BaseAddress >= USER_SHARED_DATA)
    {
       DPRINT1("Virtual allocation base above User Space\n");
       return STATUS_INVALID_PARAMETER_2;
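Review bot: the new bound at `if ((ULONG_PTR)BaseAddress >= USER_SHARED_DATA)` is undocumented in the code itself, and the comment just above it still says MmCreateMemoryArea "does similar checks", which is no longer accurate once this routine rejects at the shared-data page rather than at MM_HIGHEST_USER_ADDRESS. Add a one-line comment stating that the limit is deliberately USER_SHARED_DATA (0x7FFE0000) for Windows XP compatibility and pointing at issue #3467, so a later reader does not "correct" it back to the highest user address. The DPRINT1 text "Virtual allocation base above User Space" should also name the actual limit being tested, since an allocation just below MM_HIGHEST_USER_ADDRESS is still in user space yet now fails here.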
@@ -666,7 +666,7 @@
       DPRINT1("Region size is invalid (zero)\n");
       return STATUS_INVALID_PARAMETER_4;
    }
-   if (((ULONG_PTR)MM_HIGHEST_USER_ADDRESS - (ULONG_PTR)BaseAddress) < RegionSize)
+   if ((USER_SHARED_DATA - (ULONG_PTR)BaseAddress) < RegionSize)
    {
       DPRINT1("Region size would overflow into kernel-memory\n");
       return STATUS_INVALID_PARAMETER_4;
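Review bot: the subtraction in `if ((USER_SHARED_DATA - (ULONG_PTR)BaseAddress) < RegionSize)` is only safe against unsigned wrap-around because the earlier check at @@ -656 has already rejected any BaseAddress at or above USER_SHARED_DATA; that ordering dependency deserves a short comment so a future reorder of the checks does not silently turn this into a bypass of the size limit. The message "Region size would overflow into kernel-memory" is also now misleading, since the region is being bounded at the shared-data page rather than at the start of kernel memory; adjust the DPRINT1 to match the new bound.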
@@ -726,12 +726,21 @@
          }
          else if (MemoryAreaLength >= RegionSize)
          {
-            Status =
-               MmAlterRegion(AddressSpace,
-                             MemoryArea->StartingAddress,
-                             &MemoryArea->Data.SectionData.RegionListHead,
-                             BaseAddress, RegionSize,
-                             Type, Protect, MmModifyAttributes);
+            /* Region list initialized? */
+            if (MemoryArea->Data.SectionData.RegionListHead.Flink)
+            {
+               Status =
+                  MmAlterRegion(AddressSpace,
+                                MemoryArea->StartingAddress,
+                                &MemoryArea->Data.SectionData.RegionListHead,
+                                BaseAddress, RegionSize,
+                                Type, Protect, MmModifyAttributes);
+            }
+            else
+            {
+               Status = STATUS_ACCESS_VIOLATION;
+            }
+
             MmUnlockAddressSpace(AddressSpace);
             ObDereferenceObject(Process);
             DPRINT("NtAllocateVirtualMemory() = %x\n",Status);
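Review bot: the test `if (MemoryArea->Data.SectionData.RegionListHead.Flink)` treats a NULL Flink as "region list not initialized", which only holds if the memory area structure is zero-filled on creation; a comment stating that assumption (or an explicit initialized flag) would make the intent clear rather than relying on an implicit invariant. The new `Status = STATUS_ACCESS_VIOLATION;` branch also returns without any diagnostic, unlike the other failure paths in this routine that log a DPRINT1 before returning; add a DPRINT1 in the else branch so the case described in the log message ("existing memory area ... with an uninitialized region list") is visible when it is hit.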