[reactos] 01/01: [NTOS:MM] Fix more 64 bit arithmetics - Ros-diffs

15 Dec 2020

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=96ae15ac4bfa3c43fe08aa...
commit 96ae15ac4bfa3c43fe08aa959f58fd8a1449e8e0
Author:     Jérôme Gardou jerome.gardou@reactos.org
AuthorDate: Tue Dec 15 10:07:27 2020 +0100
Commit:     Jérôme Gardou jerome.gardou@reactos.org
CommitDate: Tue Dec 15 10:08:25 2020 +0100
[NTOS:MM] Fix more 64 bit arithmetics
---
 ntoskrnl/mm/ARM3/section.c | 29 ++++++++++++++++++++---------
 1 file changed, 20 insertions(+), 9 deletions(-)

diff --git a/ntoskrnl/mm/ARM3/section.c b/ntoskrnl/mm/ARM3/section.c
index 347f3ca4074..02ead9a70a5 100644
--- a/ntoskrnl/mm/ARM3/section.c
+++ b/ntoskrnl/mm/ARM3/section.c
@@ -1299,6 +1299,14 @@ MiMapViewOfDataSection(IN PCONTROL_AREA ControlArea,
     {
         /* The caller did not, so pick a 64K aligned view size based on the offset */
         SectionOffset->LowPart &= ~(_64K - 1);
+
+        /* Make sure that we will not overflow */
+        if ((Section->SizeOfSection.QuadPart - SectionOffset->QuadPart) > MAXLONG_PTR)
+        {
+            MiDereferenceControlArea(ControlArea);
+            return STATUS_INVALID_VIEW_SIZE;
+        }
+
         *ViewSize = (SIZE_T)(Section->SizeOfSection.QuadPart - SectionOffset->QuadPart);
     }
     else
@@ -1306,6 +1314,13 @@ MiMapViewOfDataSection(IN PCONTROL_AREA ControlArea,
         /* A size was specified, align it to a 64K boundary */
         *ViewSize += SectionOffset->LowPart & (_64K - 1);
+        /* Check for overflow or huge value */
+        if ((*ViewSize < (SectionOffset->LowPart & (_64K - 1))) || ((*ViewSize) > MAXLONG_PTR))
+        {
+            MiDereferenceControlArea(ControlArea);
+            return STATUS_INVALID_VIEW_SIZE;
+        }
+
         /* Align the offset as well to make this an aligned map */
         SectionOffset->LowPart &= ~((ULONG)_64K - 1);
     }
@@ -1313,13 +1328,6 @@ MiMapViewOfDataSection(IN PCONTROL_AREA ControlArea,
     /* We must be dealing with a 64KB aligned offset. This is a Windows ASSERT */
     ASSERT((SectionOffset->LowPart & ((ULONG)_64K - 1)) == 0);
-    /* It's illegal to try to map more than overflows a LONG_PTR */
-    if (*ViewSize >= MAXLONG_PTR)
-    {
-        MiDereferenceControlArea(ControlArea);
-        return STATUS_INVALID_VIEW_SIZE;
-    }
-
     /* Windows ASSERTs for this flag */
     ASSERT(ControlArea->u.Flags.GlobalOnlyPerSession == 0);
@@ -1535,7 +1543,10 @@ MiCreatePagingFileMap(OUT PSEGMENT *Segment,
     SizeLimit <<= PAGE_SHIFT;
/* Fail if this size is too big */
-    if (MaximumSize->QuadPart > SizeLimit) return STATUS_SECTION_TOO_BIG;
+    if (MaximumSize->QuadPart > SizeLimit)
+    {
+        return STATUS_SECTION_TOO_BIG;
+    }
/* Calculate how many Prototype PTEs will be needed */
     PteCount = (PFN_COUNT)((MaximumSize->QuadPart + PAGE_SIZE - 1) >> PAGE_SHIFT);
@@ -1592,7 +1603,7 @@ MiCreatePagingFileMap(OUT PSEGMENT *Segment,
/* Save some extra accounting data for the segment as well */
     NewSegment->u1.CreatingProcess = PsGetCurrentProcess();
-    NewSegment->SizeOfSegment = PteCount * PAGE_SIZE;
+    NewSegment->SizeOfSegment = ((ULONGLONG)PteCount) * PAGE_SIZE;
     NewSegment->TotalNumberOfPtes = PteCount;
     NewSegment->NonExtendedPtes = PteCount;

    