[aandrejevic] 68619: [NTOS:CC] In CcCopyData, Buffer can be NULL during read/write operations. [FASTFAT] Use SEH to catch exceptions thrown by MmProbeAndLockPages. Lock the user buffer before chang... - Ros-diffs

7 Aug 2015

Author: aandrejevic
Date: Fri Aug  7 19:17:40 2015
New Revision: 68619
URL: http://svn.reactos.org/svn/reactos?rev=68619&view=rev
Log:
[NTOS:CC]
In CcCopyData, Buffer can be NULL during read/write operations.
[FASTFAT]
Use SEH to catch exceptions thrown by MmProbeAndLockPages.
Lock the user buffer before changing the file allocation size.
Modified:
    trunk/reactos/drivers/filesystems/fastfat/misc.c
    trunk/reactos/drivers/filesystems/fastfat/rw.c
    trunk/reactos/ntoskrnl/cc/copy.c
Modified: trunk/reactos/drivers/filesystems/fastfat/misc.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/fastfat...
==============================================================================

--- trunk/reactos/drivers/filesystems/fastfat/misc.c	[iso-8859-1] (original)
+++ trunk/reactos/drivers/filesystems/fastfat/misc.c	[iso-8859-1] Fri Aug  7 19:17:40 2015
@@ -364,7 +364,17 @@
         return STATUS_INSUFFICIENT_RESOURCES;
     }
-    MmProbeAndLockPages(Irp->MdlAddress, Irp->RequestorMode, Operation);
+    _SEH2_TRY
+    {
+        MmProbeAndLockPages(Irp->MdlAddress, Irp->RequestorMode, Operation);
+    }
+    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+    {
+        IoFreeMdl(Irp->MdlAddress);
+        Irp->MdlAddress = NULL;
+        _SEH2_YIELD(return _SEH2_GetExceptionCode());
+    }
+    _SEH2_END;
return STATUS_SUCCESS;
 }
Modified: trunk/reactos/drivers/filesystems/fastfat/rw.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/fastfat...
==============================================================================
--- trunk/reactos/drivers/filesystems/fastfat/rw.c	[iso-8859-1] (original)
+++ trunk/reactos/drivers/filesystems/fastfat/rw.c	[iso-8859-1] Fri Aug  7 19:17:40 2015
@@ -656,9 +656,9 @@
     }
Buffer = VfatGetUserBuffer(IrpContext->Irp, BooleanFlagOn(IrpContext->Irp->Flags, IRP_PAGING_IO));
-    if (!Buffer && IrpContext->Irp->MdlAddress)
-    {
-        Status = STATUS_INVALID_USER_BUFFER;
+    Status = VfatLockUserBuffer(IrpContext->Irp, Length, IoWriteAccess);
+    if (!NT_SUCCESS(Status))
+    {
         goto ByeBye;
     }
@@ -714,12 +714,6 @@
         if (ByteOffset.QuadPart + Length > ROUND_UP(Fcb->RFCB.FileSize.QuadPart, BytesPerSector))
         {
             Length = (ULONG)(ROUND_UP(Fcb->RFCB.FileSize.QuadPart, BytesPerSector) - ByteOffset.QuadPart);
-        }
-
-        Status = VfatLockUserBuffer(IrpContext->Irp, Length, IoWriteAccess);
-        if (!NT_SUCCESS(Status))
-        {
-            goto ByeBye;
         }
Status = VfatReadFileData(IrpContext, Length, ByteOffset, &ReturnedLength);
@@ -927,12 +921,11 @@
     OldFileSize = Fcb->RFCB.FileSize;
Buffer = VfatGetUserBuffer(IrpContext->Irp, BooleanFlagOn(IrpContext->Irp->Flags, IRP_PAGING_IO));
-    if (!Buffer && IrpContext->Irp->MdlAddress)
-    {
-        Status = STATUS_INVALID_USER_BUFFER;
+    Status = VfatLockUserBuffer(IrpContext->Irp, Length, IoReadAccess);
+    if (!NT_SUCCESS(Status))
+    {
         goto ByeBye;
     }
-
if (!(Fcb->Flags & (FCB_IS_FAT|FCB_IS_VOLUME)) &&
         !(IrpContext->Irp->Flags & IRP_PAGING_IO) &&
@@ -997,12 +990,6 @@
         if (ByteOffset.QuadPart > OldFileSize.QuadPart)
         {
             CcZeroData(IrpContext->FileObject, &OldFileSize, &ByteOffset, TRUE);
-        }
-
-        Status = VfatLockUserBuffer(IrpContext->Irp, Length, IoReadAccess);
-        if (!NT_SUCCESS(Status))
-        {
-            goto ByeBye;
         }
Status = VfatWriteFileData(IrpContext, Length, ByteOffset);
Modified: trunk/reactos/ntoskrnl/cc/copy.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/cc/copy.c?rev=6861...
==============================================================================
--- trunk/reactos/ntoskrnl/cc/copy.c	[iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/cc/copy.c	[iso-8859-1] Fri Aug  7 19:17:40 2015
@@ -284,7 +284,7 @@
         CurrentOffset += PartialLength;
         BytesCopied += PartialLength;
-        if (Buffer)
+        if (Operation != CcOperationZero)
             Buffer = (PVOID)((ULONG_PTR)Buffer + PartialLength);
     }
@@ -321,7 +321,7 @@
         CurrentOffset += PartialLength;
         BytesCopied += PartialLength;
-        if (Buffer)
+        if (Operation != CcOperationZero)
             Buffer = (PVOID)((ULONG_PTR)Buffer + PartialLength);
     }
     IoStatus->Status = STATUS_SUCCESS;

    