[hbelusca] 65003: [NTVDM]: Fix the validity check of the hVdd handle in the port structure so that we don't try to call an invalid VDD IO handler. That fixes stack corruption for example in the cas... - Ros-diffs

26 Oct 2014

Author: hbelusca
Date: Sun Oct 26 02:27:11 2014
New Revision: 65003

URL: http://svn.reactos.org/svn/reactos?rev=65003&view=rev
Log:
[NTVDM]: Fix the validity check of the hVdd handle in the port structure so that we
don't try to call an invalid VDD IO handler. That fixes stack corruption for example
in the case of OUTSB/W operations, where we could call an invalid VDD handler taking 3
parameters that in fact calls (because VDD handlers and our internal ones are stored in a
union, the choice of the handler is done via the hVdd value) an internal handler taking
only 2 parameters... Bug triggered when testing MSVC-compiled NTVDM in speed-optimized
mode. Diagnosed by V. and I, thanks V!

Modified:
    trunk/reactos/subsystems/ntvdm/io.c

Modified: trunk/reactos/subsystems/ntvdm/io.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/ntvdm/io.c?rev=…
==============================================================================

--- trunk/reactos/subsystems/ntvdm/io.c	[iso-8859-1] (original)
+++ trunk/reactos/subsystems/ntvdm/io.c	[iso-8859-1] Sun Oct 26 02:27:11 2014
@@ -37,7 +37,7 @@
 
 typedef struct _EMULATOR_IOPORT_HANDLERS
 {
-    HANDLE hVdd; // == 0 if unused,
+    HANDLE hVdd; // == NULL if unused,
                  //    INVALID_HANDLE_VALUE if handled internally,
                  //    a valid VDD handle   if handled externally.
     union
@@ -65,7 +65,7 @@
     {
         return IoPortProc[Port].IoHandlers.InB(Port);
     }
-    else if (IoPortProc[Port].hVdd > 0 &&
+    else if (IoPortProc[Port].hVdd != NULL && IoPortProc[Port].hVdd !=
INVALID_HANDLE_VALUE &&
              IoPortProc[Port].VddIoHandlers.inb_handler)
     {
         UCHAR Data;
@@ -91,7 +91,7 @@
     {
         IoPortProc[Port].IoHandlers.InsB(Port, Buffer, Count);
     }
-    else if (IoPortProc[Port].hVdd > 0 &&
+    else if (IoPortProc[Port].hVdd != NULL && IoPortProc[Port].hVdd !=
INVALID_HANDLE_VALUE &&
              IoPortProc[Port].VddIoHandlers.insb_handler)
     {
         ASSERT(Port  <= MAXWORD);
@@ -113,7 +113,7 @@
     {
         IoPortProc[Port].IoHandlers.OutB(Port, Buffer);
     }
-    else if (IoPortProc[Port].hVdd > 0 &&
+    else if (IoPortProc[Port].hVdd != NULL && IoPortProc[Port].hVdd !=
INVALID_HANDLE_VALUE &&
              IoPortProc[Port].VddIoHandlers.outb_handler)
     {
         ASSERT(Port <= MAXWORD);
@@ -136,7 +136,7 @@
     {
         IoPortProc[Port].IoHandlers.OutsB(Port, Buffer, Count);
     }
-    else if (IoPortProc[Port].hVdd > 0 &&
+    else if (IoPortProc[Port].hVdd != NULL && IoPortProc[Port].hVdd !=
INVALID_HANDLE_VALUE &&
              IoPortProc[Port].VddIoHandlers.outsb_handler)
     {
         ASSERT(Port  <= MAXWORD);
@@ -157,7 +157,7 @@
     {
         return IoPortProc[Port].IoHandlers.InW(Port);
     }
-    else if (IoPortProc[Port].hVdd > 0 &&
+    else if (IoPortProc[Port].hVdd != NULL && IoPortProc[Port].hVdd !=
INVALID_HANDLE_VALUE &&
              IoPortProc[Port].VddIoHandlers.inw_handler)
     {
         USHORT Data;
@@ -186,7 +186,7 @@
     {
         IoPortProc[Port].IoHandlers.InsW(Port, Buffer, Count);
     }
-    else if (IoPortProc[Port].hVdd > 0 &&
+    else if (IoPortProc[Port].hVdd != NULL && IoPortProc[Port].hVdd !=
INVALID_HANDLE_VALUE &&
              IoPortProc[Port].VddIoHandlers.insw_handler)
     {
         ASSERT(Port  <= MAXWORD);
@@ -208,7 +208,7 @@
     {
         IoPortProc[Port].IoHandlers.OutW(Port, Buffer);
     }
-    else if (IoPortProc[Port].hVdd > 0 &&
+    else if (IoPortProc[Port].hVdd != NULL && IoPortProc[Port].hVdd !=
INVALID_HANDLE_VALUE &&
              IoPortProc[Port].VddIoHandlers.outw_handler)
     {
         ASSERT(Port <= MAXWORD);
@@ -232,7 +232,7 @@
     {
         IoPortProc[Port].IoHandlers.OutsW(Port, Buffer, Count);
     }
-    else if (IoPortProc[Port].hVdd > 0 &&
+    else if (IoPortProc[Port].hVdd != NULL && IoPortProc[Port].hVdd !=
INVALID_HANDLE_VALUE &&
              IoPortProc[Port].VddIoHandlers.outsw_handler)
     {
         ASSERT(Port  <= MAXWORD);
@@ -501,8 +501,8 @@
                  PVDD_IO_PORTRANGE pPortRange,
                  PVDD_IO_HANDLERS  IOhandler)
 {
-    /* Check possible validity of the VDD handle */
-    if (hVdd == 0 || hVdd == INVALID_HANDLE_VALUE) return FALSE;
+    /* Check validity of the VDD handle */
+    if (hVdd == NULL || hVdd == INVALID_HANDLE_VALUE) return FALSE;
 
     /* Loop for each range of I/O ports */
     while (cPortRange--)
@@ -516,7 +516,7 @@
              * Don't do anything if the I/O port is already
              * handled internally or externally.
              */
-            if (IoPortProc[i].hVdd != 0)
+            if (IoPortProc[i].hVdd != NULL)
             {
                 DPRINT1("IoPortProc[0x%X] already registered\n", i);
                 continue;
@@ -560,8 +560,8 @@
                    WORD              cPortRange,
                    PVDD_IO_PORTRANGE pPortRange)
 {
-    /* Check possible validity of the VDD handle */
-    if (hVdd == 0 || hVdd == INVALID_HANDLE_VALUE) return;
+    /* Check validity of the VDD handle */
+    if (hVdd == NULL || hVdd == INVALID_HANDLE_VALUE) return;
 
     /* Loop for each range of I/O ports */
     while (cPortRange--)



    