don't touch memory outside the area to be probed in ProbeForWrite() and minor address range check fixes in ProbeForRead/Write() Modified: trunk/reactos/ntoskrnl/mm/virtual.c _____ Modified: trunk/reactos/ntoskrnl/mm/virtual.c --- trunk/reactos/ntoskrnl/mm/virtual.c 2005-01-20 13:31:49 UTC (rev 13166) +++ trunk/reactos/ntoskrnl/mm/virtual.c 2005-01-20 21:03:35 UTC (rev 13167) @@ -795,7 +795,7 @@ IN ULONG Length, IN ULONG Alignment) { - ASSERT(Alignment ==1 || Alignment == 2 || Alignment == 4 || Alignment == 8); + ASSERT(Alignment == 1 || Alignment == 2 || Alignment == 4 || Alignment == 8); if (Length == 0) return; @@ -804,8 +804,8 @@ { ExRaiseStatus (STATUS_DATATYPE_MISALIGNMENT); } - else if ((ULONG_PTR)Address + Length < (ULONG_PTR)Address || - (ULONG_PTR)Address + Length > (ULONG_PTR)MmUserProbeAddress) + else if ((ULONG_PTR)Address + Length - 1 < (ULONG_PTR)Address || + (ULONG_PTR)Address + Length - 1 > (ULONG_PTR)MmUserProbeAddress) { ExRaiseStatus (STATUS_ACCESS_VIOLATION); } @@ -820,10 +820,10 @@ IN ULONG Length, IN ULONG Alignment) { - volatile PCHAR Ptr; - ULONG i; + volatile CHAR *Current; + PCHAR Last; - ASSERT(Alignment ==1 || Alignment == 2 || Alignment == 4 || Alignment == 8); + ASSERT(Alignment == 1 || Alignment == 2 || Alignment == 4 || Alignment == 8); if (Length == 0) return; @@ -832,18 +832,21 @@ { ExRaiseStatus (STATUS_DATATYPE_MISALIGNMENT); } - else if ((ULONG_PTR)Address + Length < (ULONG_PTR)Address || - (ULONG_PTR)Address + Length > (ULONG_PTR)MmUserProbeAddress) + + Last = (PCHAR)((ULONG_PTR)Address + Length - 1); + if ((ULONG_PTR)Last < (ULONG_PTR)Address || + (ULONG_PTR)Last > (ULONG_PTR)MmUserProbeAddress) { ExRaiseStatus (STATUS_ACCESS_VIOLATION); } /* Check for accessible pages */ - for (i = 0; i < Length; i += PAGE_SIZE) + Current = (CHAR*)Address; + do { - Ptr = (PCHAR)(((ULONG_PTR)Address & ~(PAGE_SIZE - 1)) + i); - *Ptr = *Ptr; - } + *Current = *Current; + Current = (CHAR*)((ULONG_PTR)Current + PAGE_SIZE); + } while (Current <= Last); } /* EOF */