[ros-diffs] [ion] 17139: Add failure cases for more things then a WINE test could shake a stick at (hopefully)

Add failure cases for more things then a WINE test could shake a stick at (hopefully) Modified: trunk/reactos/ntoskrnl/mm/anonmem.c _____ Modified: trunk/reactos/ntoskrnl/mm/anonmem.c --- trunk/reactos/ntoskrnl/mm/anonmem.c 2005-08-07 03:15:15 UTC (rev 17138) +++ trunk/reactos/ntoskrnl/mm/anonmem.c 2005-08-07 07:11:03 UTC (rev 17139) @@ -555,18 +555,61 @@ *UBaseAddress,ZeroBits,*URegionSize,AllocationType, Protect); - /* - * Check the validity of the parameters - */ + /* Check for valid protection flags */ if ((Protect & PAGE_FLAGS_VALID_FROM_USER_MODE) != Protect) { - return(STATUS_INVALID_PAGE_PROTECTION); + DPRINT1("Invalid page protection\n"); + return STATUS_INVALID_PAGE_PROTECTION; } - if ((AllocationType & (MEM_COMMIT | MEM_RESERVE)) == 0) + + /* Check for valid Allocation Types */ + if ((AllocationType &~ (MEM_COMMIT | MEM_RESERVE | MEM_RESET | MEM_PHYSICAL | + MEM_TOP_DOWN | MEM_WRITE_WATCH))) { - return(STATUS_INVALID_PARAMETER); + DPRINT1("Invalid Allocation Type\n"); + return STATUS_INVALID_PARAMETER_5; } + /* Check for at least one of these Allocation Types to be set */ + if (!(AllocationType & (MEM_COMMIT | MEM_RESERVE | MEM_RESET))) + { + DPRINT1("No memory allocation base type\n"); + return STATUS_INVALID_PARAMETER_5; + } + + /* MEM_RESET is an exclusive flag, make sure that is valid too */ + if ((AllocationType & MEM_RESET) && (AllocationType != MEM_RESET)) + { + DPRINT1("MEM_RESET used illegaly\n"); + return STATUS_INVALID_PARAMETER_5; + } + + /* MEM_WRITE_WATCH can only be used if MEM_RESERVE is also used */ + if ((AllocationType & MEM_WRITE_WATCH) && !(AllocationType & MEM_RESERVE)) + { + DPRINT1("MEM_WRITE_WATCH used without MEM_RESERVE\n"); + return STATUS_INVALID_PARAMETER_5; + } + + /* MEM_PHYSICAL can only be used with MEM_RESERVE, and can only be R/W */ + if (AllocationType & MEM_PHYSICAL) + { + /* First check for MEM_RESERVE exclusivity */ + if (AllocationType != (MEM_RESERVE | MEM_PHYSICAL)) + { + DPRINT1("MEM_PHYSICAL used with other flags then MEM_RESERVE or" + "MEM_RESERVE was not present at all\n"); + return STATUS_INVALID_PARAMETER_5; + } + + /* Then make sure PAGE_READWRITE is used */ + if (Protect != PAGE_READWRITE) + { + DPRINT1("MEM_PHYSICAL used without PAGE_READWRITE\n"); + return STATUS_INVALID_PAGE_PROTECTION; + } + } + PBaseAddress = *UBaseAddress; PRegionSize = *URegionSize; BoundaryAddressMultiple.QuadPart = 0; @@ -575,6 +618,27 @@ RegionSize = PAGE_ROUND_UP(PBaseAddress + PRegionSize) - PAGE_ROUND_DOWN(PBaseAddress); + /* + * We've captured and calculated the data, now do more checks + * Yes, MmCreateMemoryArea does similar checks, but they don't return + * the right status codes that a caller of this routine would expect. + */ + if (BaseAddress >= MM_HIGHEST_USER_ADDRESS) + { + DPRINT1("Virtual allocation above User Space\n"); + return STATUS_INVALID_PARAMETER_2; + } + if (!RegionSize) + { + DPRINT1("Region size is invalid\n"); + return STATUS_INVALID_PARAMETER_4; + } + if (((ULONG_PTR)MM_HIGHEST_USER_ADDRESS - (ULONG_PTR)BaseAddress) < RegionSize) + { + DPRINT1("Region size would overflow into kernel-memory\n"); + return STATUS_INVALID_PARAMETER_4; + } + Status = ObReferenceObjectByHandle(ProcessHandle, PROCESS_VM_OPERATION, NULL,