Author: aandrejevic Date: Wed Apr 29 00:58:22 2015 New Revision: 67476
URL: http://svn.reactos.org/svn/reactos?rev=67476&view=rev Log: [NTVDM] Also check for BlockData == 0 in RosResizeMemory. This, however, wasn't a crash since we were lucky enough to cast the segment to a WORD before the access.
Modified: trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/memory.c
Modified: trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/memory.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/mvdm/ntvdm/dos/d... ============================================================================== --- trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/memory.c [iso-8859-1] (original) +++ trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/memory.c [iso-8859-1] Wed Apr 29 00:58:22 2015 @@ -210,7 +210,9 @@ NewSize);
/* Make sure this is a valid, allocated block */ - if ((Mcb->BlockType != 'M' && Mcb->BlockType != 'Z') || Mcb->OwnerPsp == 0) + if (BlockData == 0 + || (Mcb->BlockType != 'M' && Mcb->BlockType != 'Z') + || Mcb->OwnerPsp == 0) { Success = FALSE; DosLastError = ERROR_INVALID_HANDLE;