Author: aandrejevic Date: Wed Apr 22 12:13:14 2015 New Revision: 67347
URL: http://svn.reactos.org/svn/reactos?rev=67347&view=rev Log: [NTVDM] Avoid array indexing with invalid indexes, always.
Modified: trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/emsdrv.c trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/himem.c
Modified: trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/emsdrv.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/mvdm/ntvdm/dos/d... ==============================================================================
--- trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/emsdrv.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/emsdrv.c [iso-8859-1] Wed Apr 22 12:13:14 2015
@@ -35,12 +35,18 @@
/* PRIVATE FUNCTIONS **********************************************************/
+static PEMS_HANDLE GetHandleRecord(USHORT Handle)
+{
+ if (Handle >= EMS_MAX_HANDLES) return NULL;
+ return &HandleTable[Handle];
+}
+
 static USHORT EmsFree(USHORT Handle)
 {
 PLIST_ENTRY Entry;
- PEMS_HANDLE HandleEntry = &HandleTable[Handle];
-
- if (Handle >= EMS_MAX_HANDLES || !HandleEntry->Allocated)
+ PEMS_HANDLE HandleEntry = GetHandleRecord(Handle);
+
+ if (HandleEntry == NULL || !HandleEntry->Allocated)
 {
 return EMS_STATUS_INVALID_HANDLE;
 }
@@ -131,7 +137,7 @@
 static USHORT EmsMap(USHORT Handle, UCHAR PhysicalPage, USHORT LogicalPage)
 {
 PEMS_PAGE PageEntry;
- PEMS_HANDLE HandleEntry = &HandleTable[Handle];
+ PEMS_HANDLE HandleEntry = GetHandleRecord(Handle);
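Review bot: The new `GetHandleRecord` in emsdrv.c only bounds-checks the handle, so every call site in this commit (EmsFree here, plus EmsMap and both move-memory branches in the later hunks) still has to repeat `|| !HandleEntry->Allocated`, whereas the same-named helper in himem.c also returns NULL for an unused slot (`Entry->Size ? Entry : NULL`). These handle values appear to come from the DOS guest (inferred from the `Data->SourceHandle`/`Data->DestHandle` uses), so a future caller that tests only for NULL would operate on an unallocated record. I would either fold the test into the helper, `return HandleTable[Handle].Allocated ? &HandleTable[Handle] : NULL;`, provided no caller outside this diff needs unallocated records, or add a comment above it such as `/* Returns NULL only for an out-of-range handle; callers must still check ->Allocated */`. EmsFree's body continues past the end of the hunk.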
 if (PhysicalPage >= EMS_PHYSICAL_PAGES) return EMS_STATUS_INV_PHYSICAL_PAGE;
 if (LogicalPage == 0xFFFF)
@@ -141,7 +147,10 @@
 return EMS_STATUS_OK;
 }
- if (Handle >= EMS_MAX_HANDLES || !HandleEntry->Allocated) return EMS_STATUS_INVALID_HANDLE;
+ if (HandleEntry == NULL || !HandleEntry->Allocated)
+ {
+ return EMS_STATUS_INVALID_HANDLE;
+ }
 PageEntry = GetLogicalPage(HandleEntry, LogicalPage);
 if (!PageEntry) return EMS_STATUS_INV_LOGICAL_PAGE;
@@ -224,9 +233,9 @@
 if (Data->SourceType)
 {
 /* Expanded memory */
- HandleEntry = &HandleTable[Data->SourceHandle];
-
- if (Data->SourceHandle >= EMS_MAX_HANDLES || !HandleEntry->Allocated)
+ HandleEntry = GetHandleRecord(Data->SourceHandle);
+
+ if (HandleEntry == NULL || !HandleEntry->Allocated)
 {
 setAL(EMS_STATUS_INVALID_HANDLE);
 break;
@@ -253,9 +262,9 @@
 if (Data->DestType)
 {
 /* Expanded memory */
- HandleEntry = &HandleTable[Data->DestHandle];
-
- if (Data->SourceHandle >= EMS_MAX_HANDLES || !HandleEntry->Allocated)
+ HandleEntry = GetHandleRecord(Data->DestHandle);
+
+ if (HandleEntry == NULL || !HandleEntry->Allocated)
 {
 setAL(EMS_STATUS_INVALID_HANDLE);
 break;
Modified: trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/himem.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/mvdm/ntvdm/dos/d... ==============================================================================
--- trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/himem.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/himem.c [iso-8859-1] Wed Apr 22 12:13:14 2015
@@ -46,9 +46,10 @@
 static inline PXMS_HANDLE GetHandleRecord(WORD Handle)
 {
- PXMS_HANDLE Entry = &HandleTable[Handle - 1];
+ PXMS_HANDLE Entry;
 if (Handle == 0 || Handle >= XMS_MAX_HANDLES) return NULL;
+ Entry = &HandleTable[Handle - 1];
 return Entry->Size ? Entry : NULL;
 }
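Review bot: The upper bound in `GetHandleRecord` looks one too strict for a 1-based handle: the lookup uses `HandleTable[Handle - 1]`, so `Handle == XMS_MAX_HANDLES` would address index `XMS_MAX_HANDLES - 1`, yet `Handle >= XMS_MAX_HANDLES` rejects it. This errs on the safe side, with no out-of-bounds access, but if `HandleTable` is declared with `XMS_MAX_HANDLES` entries (its declaration is outside the hunk) the last slot can never be looked up, and a handle issued for it could not be resolved or freed. If that is the table size, the check would read `if (Handle == 0 || Handle > XMS_MAX_HANDLES) return NULL;`; otherwise a short comment stating why the top handle value is reserved would help the next reader.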