Author: fireball Date: Sat May 30 14:57:31 2009 New Revision: 41203 URL: http://svn.reactos.org/svn/reactos?rev=41203&view=rev Log: - Add missing parameters probing. Modified: trunk/reactos/ntoskrnl/mm/anonmem.c Modified: trunk/reactos/ntoskrnl/mm/anonmem.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/anonmem.c?rev=… ============================================================================== --- trunk/reactos/ntoskrnl/mm/anonmem.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/mm/anonmem.c [iso-8859-1] Sat May 30 14:57:31 2009 @@ -949,12 +949,14 @@ */ { MEMORY_AREA* MemoryArea; - NTSTATUS Status; + NTSTATUS Status = STATUS_SUCCESS; PEPROCESS Process; PMMSUPPORT AddressSpace; PVOID BaseAddress; ULONG RegionSize; + PAGED_CODE(); + DPRINT("NtFreeVirtualMemory(ProcessHandle %x, *PBaseAddress %x, " "*PRegionSize %x, FreeType %x)\n",ProcessHandle,*PBaseAddress, *PRegionSize,FreeType); @@ -963,6 +965,23 @@ { DPRINT1("Invalid FreeType\n"); return STATUS_INVALID_PARAMETER_4; + } + + if(ExGetPreviousMode() != KernelMode) + { + _SEH2_TRY + { + /* Probe user pointers */ + ProbeForWriteSize_t(PRegionSize); + ProbeForWritePointer(PBaseAddress); + } + _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) + { + /* Get exception code */ + Status = _SEH2_GetExceptionCode(); + } + _SEH2_END; + if (!NT_SUCCESS(Status)) return Status; } BaseAddress = (PVOID)PAGE_ROUND_DOWN((*PBaseAddress));