[aandrejevic] 68619: [NTOS:CC] In CcCopyData, Buffer can be NULL during read/write operations. [FASTFAT] Use SEH to catch exceptions thrown by MmProbeAndLockPages. Lock the user buffer before chang... - Ros-diffs

7 Aug 2015

Author: aandrejevic
Date: Fri Aug  7 19:17:40 2015
New Revision: 68619

URL: http://svn.reactos.org/svn/reactos?rev=68619&view=rev
Log:
[NTOS:CC]
In CcCopyData, Buffer can be NULL during read/write operations.
[FASTFAT]
Use SEH to catch exceptions thrown by MmProbeAndLockPages.
Lock the user buffer before changing the file allocation size.


Modified:
    trunk/reactos/drivers/filesystems/fastfat/misc.c
    trunk/reactos/drivers/filesystems/fastfat/rw.c
    trunk/reactos/ntoskrnl/cc/copy.c

Modified: trunk/reactos/drivers/filesystems/fastfat/misc.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/fastfa…
==============================================================================

--- trunk/reactos/drivers/filesystems/fastfat/misc.c	[iso-8859-1] (original)
+++ trunk/reactos/drivers/filesystems/fastfat/misc.c	[iso-8859-1] Fri Aug  7 19:17:40
2015
@@ -364,7 +364,17 @@
         return STATUS_INSUFFICIENT_RESOURCES;
     }
 
-    MmProbeAndLockPages(Irp->MdlAddress, Irp->RequestorMode, Operation);
+    _SEH2_TRY
+    {
+        MmProbeAndLockPages(Irp->MdlAddress, Irp->RequestorMode, Operation);
+    }
+    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+    {
+        IoFreeMdl(Irp->MdlAddress);
+        Irp->MdlAddress = NULL;
+        _SEH2_YIELD(return _SEH2_GetExceptionCode());
+    }
+    _SEH2_END;
 
     return STATUS_SUCCESS;
 }

Modified: trunk/reactos/drivers/filesystems/fastfat/rw.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/fastfa…
==============================================================================
--- trunk/reactos/drivers/filesystems/fastfat/rw.c	[iso-8859-1] (original)
+++ trunk/reactos/drivers/filesystems/fastfat/rw.c	[iso-8859-1] Fri Aug  7 19:17:40 2015
@@ -656,9 +656,9 @@
     }
 
     Buffer = VfatGetUserBuffer(IrpContext->Irp,
BooleanFlagOn(IrpContext->Irp->Flags, IRP_PAGING_IO));
-    if (!Buffer && IrpContext->Irp->MdlAddress)
-    {
-        Status = STATUS_INVALID_USER_BUFFER;
+    Status = VfatLockUserBuffer(IrpContext->Irp, Length, IoWriteAccess);
+    if (!NT_SUCCESS(Status))
+    {
         goto ByeBye;
     }
 
@@ -714,12 +714,6 @@
         if (ByteOffset.QuadPart + Length > ROUND_UP(Fcb->RFCB.FileSize.QuadPart,
BytesPerSector))
         {
             Length = (ULONG)(ROUND_UP(Fcb->RFCB.FileSize.QuadPart, BytesPerSector) -
ByteOffset.QuadPart);
-        }
-
-        Status = VfatLockUserBuffer(IrpContext->Irp, Length, IoWriteAccess);
-        if (!NT_SUCCESS(Status))
-        {
-            goto ByeBye;
         }
 
         Status = VfatReadFileData(IrpContext, Length, ByteOffset, &ReturnedLength);
@@ -927,12 +921,11 @@
     OldFileSize = Fcb->RFCB.FileSize;
 
     Buffer = VfatGetUserBuffer(IrpContext->Irp,
BooleanFlagOn(IrpContext->Irp->Flags, IRP_PAGING_IO));
-    if (!Buffer && IrpContext->Irp->MdlAddress)
-    {
-        Status = STATUS_INVALID_USER_BUFFER;
+    Status = VfatLockUserBuffer(IrpContext->Irp, Length, IoReadAccess);
+    if (!NT_SUCCESS(Status))
+    {
         goto ByeBye;
     }
-
 
     if (!(Fcb->Flags & (FCB_IS_FAT|FCB_IS_VOLUME)) &&
         !(IrpContext->Irp->Flags & IRP_PAGING_IO) &&
@@ -997,12 +990,6 @@
         if (ByteOffset.QuadPart > OldFileSize.QuadPart)
         {
             CcZeroData(IrpContext->FileObject, &OldFileSize, &ByteOffset,
TRUE);
-        }
-
-        Status = VfatLockUserBuffer(IrpContext->Irp, Length, IoReadAccess);
-        if (!NT_SUCCESS(Status))
-        {
-            goto ByeBye;
         }
 
         Status = VfatWriteFileData(IrpContext, Length, ByteOffset);

Modified: trunk/reactos/ntoskrnl/cc/copy.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/cc/copy.c?rev=686…
==============================================================================
--- trunk/reactos/ntoskrnl/cc/copy.c	[iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/cc/copy.c	[iso-8859-1] Fri Aug  7 19:17:40 2015
@@ -284,7 +284,7 @@
         CurrentOffset += PartialLength;
         BytesCopied += PartialLength;
 
-        if (Buffer)
+        if (Operation != CcOperationZero)
             Buffer = (PVOID)((ULONG_PTR)Buffer + PartialLength);
     }
 
@@ -321,7 +321,7 @@
         CurrentOffset += PartialLength;
         BytesCopied += PartialLength;
 
-        if (Buffer)
+        if (Operation != CcOperationZero)
             Buffer = (PVOID)((ULONG_PTR)Buffer + PartialLength);
     }
     IoStatus->Status = STATUS_SUCCESS;



    