[PATCH v2] ntdll: Fix find_free_area outside of reserved areas with zero_bits != 0.
rbernon at codeweavers.com
Wed Nov 20 05:08:43 CST 2019
On 11/20/19 11:57 AM, Huw Davies wrote:
> On Mon, Nov 04, 2019 at 04:51:56PM +0100, Rémi Bernon wrote:
>> The search was initiated with base == 0, which returns NULL immediately
>> if MEM_TOP_DOWN is not used. Using address_space_start instead fixes
>> this issue.
>> Then we assumed that all mmapped regions are known by Wine view tree,
>> which is obviously not the case with external allocations. This could
>> lead to memory corruption when find_free_area returns an expected free
>> region which is already mmapped. Using MAP_FIXED forces mmap to succeed
>> and corrupts the mapping.
> So it seems this patch is trying to fix two bugs. You should be able
> to split this so that a first patch addresses the !top_down issue
> and a second patch addresses the assumption about mmapped regions
> being known.
Yeah, I had the discussion with Paul (he reported the bug and wrote the
original patch), and he argued that fixing the !top_down issue first
would create a regression as it would potentially then return an already
used memory region, and the other way around would be modifying code
that is not executed first. But I guess there's always the top_down case.
So I think it could be fixing the search first, then the !top_down case.
Rémi Bernon <rbernon at codeweavers.com>
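The second problem the patch description raises, a region that the allocator's bookkeeping believes is free but that something outside it has already mmapped, is easy to reproduce in isolation. The following is an added example written for this page, not Wine's code: it creates a page that stands in for an "external" mapping, shows that mapping over it with MAP_FIXED silently destroys its contents, and contrasts that with passing the address only as a hint and checking whether the kernel honoured it. The function names (make_external_mapping, map_fixed_clobbers, try_map_at, hint_mapping_is_safe) are hypothetical, and the code assumes a Linux/POSIX mmap with MAP_ANONYMOUS.

```c
/* Added example, not Wine's code: why MAP_FIXED over an address that an
 * allocator only believes is free corrupts whatever already lives there,
 * and how a hint-plus-verify mapping avoids it. Assumes Linux/POSIX mmap. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

#define MARKER 0x5a   /* byte pattern stamped into the "external" page */

static size_t page_size(void) { return (size_t)sysconf(_SC_PAGESIZE); }

/* Map one anonymous page and stamp it. This stands in for a mapping made
 * by something outside the allocator (a system library, a loader), which
 * the allocator's free-area bookkeeping knows nothing about. */
static unsigned char *make_external_mapping(size_t size)
{
    void *p = mmap(NULL, size, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    memset(p, MARKER, size);
    return p;
}

/* Unsafe path: MAP_FIXED never fails because the range is busy; it replaces
 * any existing pages in [addr, addr+size) with fresh zero-filled ones.
 * Returns 1 if the marker bytes were lost (old mapping clobbered),
 * 0 if they survived, -1 on error. */
int map_fixed_clobbers(void)
{
    size_t size = page_size();
    unsigned char *ext = make_external_mapping(size);
    if (!ext) return -1;

    void *p = mmap(ext, size, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED) { munmap(ext, size); return -1; }

    int clobbered = (p == (void *)ext) && (ext[0] != MARKER);
    munmap(ext, size);   /* also releases the replacement mapping at p */
    return clobbered;
}

/* Safe path: pass the address only as a hint, then verify the kernel
 * honoured it. If it did not, some other mapping owns that range; undo the
 * stray mapping and report failure so the caller can search again rather
 * than trample the range. */
void *try_map_at(void *hint, size_t size)
{
    void *p = mmap(hint, size, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    if (p != hint) {
        munmap(p, size);   /* landed elsewhere: give it back */
        return NULL;
    }
    return p;
}

/* Returns 1 if try_map_at refused to map over the external page and its
 * contents survived, 0 if the marker was damaged, -1 on error. */
int hint_mapping_is_safe(void)
{
    size_t size = page_size();
    unsigned char *ext = make_external_mapping(size);
    if (!ext) return -1;

    void *p = try_map_at(ext, size);
    int safe = (p == NULL) && (ext[0] == MARKER) && (ext[size - 1] == MARKER);
    if (p) munmap(p, size);
    munmap(ext, size);
    return safe;
}

int main(void)
{
    printf("MAP_FIXED clobbered the existing page: %d\n", map_fixed_clobbers());
    printf("hint+verify left it intact:            %d\n", hint_mapping_is_safe());
    return 0;
}
```

The hint-and-verify pattern is the portable way to claim an address without trusting a free-area search that may not see every mapping; on Linux 4.17 and later, MAP_FIXED_NOREPLACE gives the same guarantee in one call by failing with EEXIST instead of replacing an existing mapping.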