Commit 969515d0 authored by Lawson Whitney's avatar Lawson Whitney Committed by Alexandre Julliard

Protect GlobalHandle() against bad parameters.

parent df12a0d6
...@@ -13,6 +13,7 @@ ...@@ -13,6 +13,7 @@
#include <string.h> #include <string.h>
#include "wine/winbase16.h" #include "wine/winbase16.h"
#include "wine/exception.h"
#include "global.h" #include "global.h"
#include "heap.h" #include "heap.h"
#include "toolhelp.h" #include "toolhelp.h"
...@@ -54,6 +55,21 @@ static int globalArenaSize = 0; ...@@ -54,6 +55,21 @@ static int globalArenaSize = 0;
#define VALID_HANDLE(handle) (((handle)>>__AHSHIFT)<globalArenaSize) #define VALID_HANDLE(handle) (((handle)>>__AHSHIFT)<globalArenaSize)
#define GET_ARENA_PTR(handle) (pGlobalArena + ((handle) >> __AHSHIFT)) #define GET_ARENA_PTR(handle) (pGlobalArena + ((handle) >> __AHSHIFT))
/* filter for page-fault exceptions */
/* It is possible for a bogus global pointer to cause a */
/* page zero reference, so I include EXCEPTION_PRIV_INSTRUCTION too. */
static WINE_EXCEPTION_FILTER(page_fault)
{
switch (GetExceptionCode()) {
case (EXCEPTION_ACCESS_VIOLATION):
case (EXCEPTION_PRIV_INSTRUCTION):
return EXCEPTION_EXECUTE_HANDLER;
default:
return EXCEPTION_CONTINUE_SEARCH;
}
}
/*********************************************************************** /***********************************************************************
* GLOBAL_GetArena * GLOBAL_GetArena
* *
...@@ -1155,30 +1171,43 @@ HGLOBAL WINAPI GlobalHandle( ...@@ -1155,30 +1171,43 @@ HGLOBAL WINAPI GlobalHandle(
return 0; return 0;
} }
/* note that if pmem is a pointer to a a block allocated by */ __TRY
/* GlobalAlloc with GMEM_MOVEABLE then magic test in HeapValidate */ {
/* will fail. */ handle = 0;
/* note that if pmem is a pointer to a a block allocated by */
/* GlobalAlloc with GMEM_MOVEABLE then magic test in HeapValidate */
/* will fail. */
if (ISPOINTER(pmem)) { if (ISPOINTER(pmem)) {
heap = GLOBAL_GetHeap( (HGLOBAL)pmem ); heap = GLOBAL_GetHeap( (HGLOBAL)pmem );
if (HeapValidate( heap, 0, pmem )) if (HeapValidate( heap, 0, pmem )) {
return (HGLOBAL)pmem; /* valid fixed block */ handle = (HGLOBAL)pmem; /* valid fixed block */
break;
}
handle = POINTER_TO_HANDLE(pmem); handle = POINTER_TO_HANDLE(pmem);
} else } else
handle = (HGLOBAL)pmem; handle = (HGLOBAL)pmem;
/* Now test handle either passed in or retrieved from pointer */ /* Now test handle either passed in or retrieved from pointer */
heap = GLOBAL_GetHeap( handle ); heap = GLOBAL_GetHeap( handle );
maybe_intern = HANDLE_TO_INTERN( handle ); maybe_intern = HANDLE_TO_INTERN( handle );
if (maybe_intern->Magic == MAGIC_GLOBAL_USED) { if (maybe_intern->Magic == MAGIC_GLOBAL_USED) {
test = maybe_intern->Pointer; test = maybe_intern->Pointer;
if (HeapValidate( heap, 0, ((HGLOBAL *)test)-1 ) && if (HeapValidate( heap, 0, ((HGLOBAL *)test)-1 ) && /* obj(-handle) valid arena? */
/* obj(-handle) valid arena? */
HeapValidate( heap, 0, maybe_intern )) /* intern valid arena? */ HeapValidate( heap, 0, maybe_intern )) /* intern valid arena? */
return handle; /* valid moveable block */ break; /* valid moveable block */
} }
handle = 0;
SetLastError( ERROR_INVALID_HANDLE );
}
__EXCEPT(page_fault)
{
SetLastError( ERROR_INVALID_HANDLE ); SetLastError( ERROR_INVALID_HANDLE );
return 0; return 0;
}
__ENDTRY
return handle;
} }
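Review bot: The `__TRY` block added to GlobalHandle() guards the `HeapValidate()` and `GLOBAL_GetHeap()` calls as well as the reads of `maybe_intern->Magic` and `maybe_intern->Pointer`, so a fault raised while validating a damaged heap is reported as `ERROR_INVALID_HANDLE`, exactly like a bad caller argument. The `page_fault` filter also accepts `EXCEPTION_PRIV_INSTRUCTION`, which widens what is silently swallowed, and its comment does not explain how a data read of a bogus pointer would raise that code. Consider narrowing the guarded region to the `maybe_intern` dereferences, or at least documenting the trade-off in the handler with `/* fault while probing pmem; may also hide a fault inside HeapValidate on a corrupted heap */`. The two `break` statements presumably rely on the `__TRY` macro expanding to a construct that `break` can leave, which deserves a comment such as `/* leave the __TRY block; return is not allowed inside it */`. The function body starts outside this hunk, so the declarations of `handle`, `heap` and `maybe_intern` were not reviewed.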