https://git.reactos.org/?p=reactos.git;a=commitdiff;h=56da95671ce87fc3c9fff…
commit 56da95671ce87fc3c9fffbf33f411759ce330e49
Author: Timo Kreuzer <timo.kreuzer(a)reactos.org>
AuthorDate: Mon Oct 21 00:36:14 2019 +0200
Commit: Timo Kreuzer <timo.kreuzer(a)reactos.org>
CommitDate: Sat Oct 26 21:38:13 2019 +0200
[NTOS] Fix a bug in the PE loader, which caused images to be loaded up to MmHighestUserAddress, thus overwriting the shared user page.
This is now fixed by using MM_HIGHEST_VAD_ADDRESS as the margin instead.
Should fix CORE-11717
---
ntoskrnl/mm/section.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ntoskrnl/mm/section.c b/ntoskrnl/mm/section.c
index 1d7a043c2a1..8278226b074 100644
--- a/ntoskrnl/mm/section.c
+++ b/ntoskrnl/mm/section.c
@@ -4579,11 +4579,11 @@ MmMapViewOfSection(IN PVOID SectionObject,
ImageSectionObject->ImageInformation.ImageFileSize = (ULONG)ImageSize;
/* Check for an illegal base address */
- if (((ImageBase + ImageSize) > (ULONG_PTR)MmHighestUserAddress) ||
+ if (((ImageBase + ImageSize) > (ULONG_PTR)MM_HIGHEST_VAD_ADDRESS) ||
((ImageBase + ImageSize) < ImageSize))
{
ASSERT(*BaseAddress == NULL);
- ImageBase = ALIGN_DOWN_BY((ULONG_PTR)MmHighestUserAddress - ImageSize,
+ ImageBase = ALIGN_DOWN_BY((ULONG_PTR)MM_HIGHEST_VAD_ADDRESS - ImageSize,
MM_VIRTMEM_GRANULARITY);
NotAtBase = TRUE;
}