Alexandre Julliard : ntdll: Check buffer for access in NtRead/ WriteVirtualMemory.

Thu Jan 15 08:50:58 CST 2009

Module: wine
Branch: master
Commit: 858a7efdd40e21895bd6b0e6f2954563fc729039
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=858a7efdd40e21895bd6b0e6f2954563fc729039

Author: Alexandre Julliard <julliard at winehq.org>
Date:   Wed Jan 14 20:36:27 2009 +0100

ntdll: Check buffer for access in NtRead/WriteVirtualMemory.

This also triggers page faults needed for DIB section access and write
watches.

---

 dlls/ntdll/virtual.c |   40 ++++++++++++++++++++++++++++------------
 1 files changed, 28 insertions(+), 12 deletions(-)

diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c
index 74e72fd..16e1e50 100644
--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@@ -2615,14 +2615,22 @@ NTSTATUS WINAPI NtReadVirtualMemory( HANDLE process, const void *addr, void *buf
 {
     NTSTATUS status;
 
-    SERVER_START_REQ( read_process_memory )
+    if (virtual_check_buffer_for_write( buffer, size ))
     {
-        req->handle = wine_server_obj_handle( process );
-        req->addr   = wine_server_client_ptr( addr );
-        wine_server_set_reply( req, buffer, size );
-        if ((status = wine_server_call( req ))) size = 0;
+        SERVER_START_REQ( read_process_memory )
+        {
+            req->handle = wine_server_obj_handle( process );
+            req->addr   = wine_server_client_ptr( addr );
+            wine_server_set_reply( req, buffer, size );
+            if ((status = wine_server_call( req ))) size = 0;
+        }
+        SERVER_END_REQ;
+    }
+    else
+    {
+        status = STATUS_ACCESS_VIOLATION;
+        size = 0;
     }
-    SERVER_END_REQ;
     if (bytes_read) *bytes_read = size;
     return status;
 }
@@ -2637,14 +2645,22 @@ NTSTATUS WINAPI NtWriteVirtualMemory( HANDLE process, void *addr, const void *bu
 {
     NTSTATUS status;
 
-    SERVER_START_REQ( write_process_memory )
+    if (virtual_check_buffer_for_read( buffer, size ))
     {
-        req->handle     = wine_server_obj_handle( process );
-        req->addr       = wine_server_client_ptr( addr );
-        wine_server_add_data( req, buffer, size );
-        if ((status = wine_server_call( req ))) size = 0;
+        SERVER_START_REQ( write_process_memory )
+        {
+            req->handle     = wine_server_obj_handle( process );
+            req->addr       = wine_server_client_ptr( addr );
+            wine_server_add_data( req, buffer, size );
+            if ((status = wine_server_call( req ))) size = 0;
+        }
+        SERVER_END_REQ;
+    }
+    else
+    {
+        status = STATUS_PARTIAL_COPY;
+        size = 0;
     }
-    SERVER_END_REQ;
     if (bytes_written) *bytes_written = size;
     return status;
 }


