01/02: [NTOSKRNL] Avoid integer overflow when computing VACB read/write size - Ros-diffs

21 Sep 2018

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=15a3ca08b045941efdb49f...
commit 15a3ca08b045941efdb49f15ec71beb41eb777f2
Author:     Pierre Schweitzer pierre@reactos.org
AuthorDate: Fri Sep 21 08:31:05 2018 +0200
Commit:     Pierre Schweitzer pierre@reactos.org
CommitDate: Fri Sep 21 08:37:20 2018 +0200
[NTOSKRNL] Avoid integer overflow when computing VACB read/write size
This could be triggered when attempting to read/write to really big
    files. It was causing an attempt to read 0 bytes in Cc, leading to
    asserts failure in the kernel (and corrupted file).
CORE-15067
---
 ntoskrnl/cc/copy.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/ntoskrnl/cc/copy.c b/ntoskrnl/cc/copy.c
index a46ed96640..78c6553d8a 100644
--- a/ntoskrnl/cc/copy.c
+++ b/ntoskrnl/cc/copy.c
@@ -86,12 +86,14 @@ CcReadVirtualAddress (
     NTSTATUS Status;
     IO_STATUS_BLOCK IoStatus;
     KEVENT Event;
+    ULARGE_INTEGER LargeSize;
-    Size = (ULONG)(Vacb->SharedCacheMap->SectionSize.QuadPart - Vacb->FileOffset.QuadPart);
-    if (Size > VACB_MAPPING_GRANULARITY)
+    LargeSize.QuadPart = Vacb->SharedCacheMap->SectionSize.QuadPart - Vacb->FileOffset.QuadPart;
+    if (LargeSize.QuadPart > VACB_MAPPING_GRANULARITY)
     {
-        Size = VACB_MAPPING_GRANULARITY;
+        LargeSize.QuadPart = VACB_MAPPING_GRANULARITY;
     }
+    Size = LargeSize.LowPart;
Pages = BYTES_TO_PAGES(Size);
     ASSERT(Pages * PAGE_SIZE <= VACB_MAPPING_GRANULARITY);
@@ -155,12 +157,14 @@ CcWriteVirtualAddress (
     NTSTATUS Status;
     IO_STATUS_BLOCK IoStatus;
     KEVENT Event;
+    ULARGE_INTEGER LargeSize;
-    Size = (ULONG)(Vacb->SharedCacheMap->SectionSize.QuadPart - Vacb->FileOffset.QuadPart);
-    if (Size > VACB_MAPPING_GRANULARITY)
+    LargeSize.QuadPart = Vacb->SharedCacheMap->SectionSize.QuadPart - Vacb->FileOffset.QuadPart;
+    if (LargeSize.QuadPart > VACB_MAPPING_GRANULARITY)
     {
-        Size = VACB_MAPPING_GRANULARITY;
+        LargeSize.QuadPart = VACB_MAPPING_GRANULARITY;
     }
+    Size = LargeSize.LowPart;
     //
     // Nonpaged pool PDEs in ReactOS must actually be synchronized between the
     // MmGlobalPageDirectory and the real system PDE directory. What a mess...

    