[fireball] 41203: - Add missing parameters probing. - Ros-diffs

30 May 2009

Author: fireball
Date: Sat May 30 14:57:31 2009
New Revision: 41203
URL: http://svn.reactos.org/svn/reactos?rev=41203&view=rev
Log:
- Add missing parameters probing.
Modified:
    trunk/reactos/ntoskrnl/mm/anonmem.c
Modified: trunk/reactos/ntoskrnl/mm/anonmem.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/anonmem.c?rev=4...
==============================================================================

--- trunk/reactos/ntoskrnl/mm/anonmem.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/anonmem.c [iso-8859-1] Sat May 30 14:57:31 2009
@@ -949,12 +949,14 @@
  */
 {
    MEMORY_AREA* MemoryArea;
-   NTSTATUS Status;
+   NTSTATUS Status = STATUS_SUCCESS;
    PEPROCESS Process;
    PMMSUPPORT AddressSpace;
    PVOID BaseAddress;
    ULONG RegionSize;
+   PAGED_CODE();
+
    DPRINT("NtFreeVirtualMemory(ProcessHandle %x, *PBaseAddress %x, "
           "*PRegionSize %x, FreeType %x)\n",ProcessHandle,*PBaseAddress,
           *PRegionSize,FreeType);
@@ -963,6 +965,23 @@
     {
         DPRINT1("Invalid FreeType\n");
         return STATUS_INVALID_PARAMETER_4;
+    }
+
+    if(ExGetPreviousMode() != KernelMode)
+    {
+        _SEH2_TRY
+        {
+            /* Probe user pointers */
+            ProbeForWriteSize_t(PRegionSize);
+            ProbeForWritePointer(PBaseAddress);
+        }
+        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+        {
+            /* Get exception code */
+            Status = _SEH2_GetExceptionCode();
+        }
+        _SEH2_END;
+        if (!NT_SUCCESS(Status)) return Status;
     }
BaseAddress = (PVOID)PAGE_ROUND_DOWN((*PBaseAddress));

    