Don't allow SetSelectorBase to change into a kernel region

Uwe Bonnes bon at elektron.ikp.physik.tu-darmstadt.de
Wed Aug 1 12:44:54 CDT 2001


>>>>> "Uwe" == Uwe Bonnes <bon at elektron.ikp.physik.tu-darmstadt.de> writes:

    Uwe> Hello, galep3 crashes with the following sequence:
    Uwe> 096c7b38:Call KERNEL.189: SETSELECTORLIMIT(0x0d87,0x0000045f) ret=02e7:6fb5 ds=099f
    Uwe> 096c7b38:Ret KERNEL.189: SETSELECTORLIMIT() retval=0x0d87 ret=02e7:6fb5 ds=099f
    Uwe> 096c7b38:Call KERNEL.187: SETSELECTORBASE(0x0d87,0xc02924e0) ret=02e7:6fc1 ds=099f
    Uwe> 096c7b38:Ret KERNEL.187: SETSELECTORBASE() retval=0x0d87 ret=02e7:6fc1 ds=099f
    Uwe> ...
    Uwe> Unhandled exception: page fault on read access to 0xc0292545

    Uwe> Obviously the application tries to reach some kernel memory.

    Uwe> If I only allow setting the selector base when (selector base +
    Uwe> selector limit) is smaller than 0x8000000, the application goes on
    Uwe> and lets me read an eprom plugged into the Galep3 Programmer. Is
    Uwe> the appended fix right and acceptable?

Obviously, not modifying the base in that case lets me save and exit too.

Index: wine/memory/selector.c
===================================================================
RCS file: /home/wine/wine/memory/selector.c,v
retrieving revision 1.39
diff -u -r1.39 selector.c
--- wine/memory/selector.c	19 Jul 2001 00:39:10 -0000	1.39
+++ wine/memory/selector.c	1 Aug 2001 17:42:53 -0000
@@ -326,8 +326,15 @@
 {
     LDT_ENTRY entry;
     wine_ldt_get_entry( sel, &entry );
-    wine_ldt_set_base( &entry, DOSMEM_MapDosToLinear(base) );
-    wine_ldt_set_entry( sel, &entry );
+    if ((base +  wine_ldt_copy.limit[sel >> __AHSHIFT]) > 0x8000000) 
+      {
+	FIXME("Illegal region base %lx limit %lx\n", base,wine_ldt_copy.limit[sel >> __AHSHIFT]);
+      }
+    else
+      {
+	wine_ldt_set_base( &entry, DOSMEM_MapDosToLinear(base) );
+	wine_ldt_set_entry( sel, &entry );
+      }
     return sel;
 }
 
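Review bot: the bound in the new `if` is the magic number 0x8000000 (128 MB), while the only offending base shown in the trace is 0xc02924e0, so as written the test would refuse every selector whose base plus limit lies above 128 MB; use a named constant for the boundary that is actually meant. The sum `base + wine_ldt_copy.limit[sel >> __AHSHIFT]` can also wrap if both operands are 32-bit, letting a base near 0xffffffff pass, so compare the limit against (bound - base) after first checking that base is below the bound. The test is applied to the raw `base` although the value stored is `DOSMEM_MapDosToLinear(base)`, and on refusal the function still returns `sel`, so the caller cannot tell that the base was left unchanged; check the mapped value and either return a failure value or document the silent no-op in a comment.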


-- 
Uwe Bonnes                bon at elektron.ikp.physik.tu-darmstadt.de

Institut fuer Kernphysik  Schlossgartenstrasse 9  64289 Darmstadt
--------- Tel. 06151 162516 -------- Fax. 06151 164321 ----------



