wow64: Return error from NtQueryVirtualMemory(MemoryBasicInformation) for a too-large address.

ebb7d316 · Brendan Shanks · Alexandre Julliard · fb1bfebb · ebb7d316 · ebb7d316
Commit ebb7d316 authored Jul 25, 2022 by Brendan Shanks Committed by Alexandre Julliard Jul 26, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 2 deletions

syscall.c dlls/wow64/syscall.c +2 -0

virtual.c dlls/wow64/virtual.c +5 -2

wow64_private.h dlls/wow64/wow64_private.h +1 -0

No files found.
--- a/dlls/wow64/syscall.c
+++ b/dlls/wow64/syscall.c
@@ -36,6 +36,7 @@ WINE_DEFAULT_DEBUG_CHANNEL(wow);
 USHORT native_machine = 0;
 USHORT current_machine = 0;
 ULONG_PTR args_alignment = 0;
+ULONG_PTR highest_user_address = 0x7ffeffff;
 ULONG_PTR default_zero_bits = 0x7fffffff;

 typedef NTSTATUS (WINAPI *syscall_thunk)( UINT *args );
@@ -573,6 +574,7 @@ static DWORD WINAPI process_init( RTL_RUN_ONCE *once, void *param, void **contex
    if (!current_machine) current_machine = native_machine;
    args_alignment = (current_machine == IMAGE_FILE_MACHINE_I386) ? sizeof(ULONG) : sizeof(ULONG64);
    NtQuerySystemInformation( SystemEmulationBasicInformation, &info, sizeof(info), NULL );
+    highest_user_address = (ULONG_PTR)info.HighestUserAddress;
    default_zero_bits = (ULONG_PTR)info.HighestUserAddress | 0x7fffffff;

 #define GET_PTR(name) p ## name = RtlFindExportedRoutineByName( module, #name )

--- a/dlls/wow64/virtual.c
+++ b/dlls/wow64/virtual.c
@@ -381,7 +381,11 @@ NTSTATUS WINAPI wow64_NtQueryVirtualMemory( UINT *args )
    switch (class)
    {
    case MemoryBasicInformation:  /* MEMORY_BASIC_INFORMATION */
-        if (len >= sizeof(MEMORY_BASIC_INFORMATION32))
+        if (len < sizeof(MEMORY_BASIC_INFORMATION32))
+            status = STATUS_INFO_LENGTH_MISMATCH;
+        else if ((ULONG_PTR)addr > highest_user_address)
+            status = STATUS_INVALID_PARAMETER;
+        else
        {
            MEMORY_BASIC_INFORMATION info;
            MEMORY_BASIC_INFORMATION32 *info32 = ptr;
@@ -397,7 +401,6 @@ NTSTATUS WINAPI wow64_NtQueryVirtualMemory( UINT *args )
                info32->Type = info.Type;
            }
        }
-        else status = STATUS_INFO_LENGTH_MISMATCH;
        res_len = sizeof(MEMORY_BASIC_INFORMATION32);
        break;


--- a/dlls/wow64/wow64_private.h
+++ b/dlls/wow64/wow64_private.h
@@ -39,6 +39,7 @@ extern BOOL get_file_redirect( OBJECT_ATTRIBUTES *attr ) DECLSPEC_HIDDEN;
 extern USHORT native_machine DECLSPEC_HIDDEN;
 extern USHORT current_machine DECLSPEC_HIDDEN;
 extern ULONG_PTR args_alignment DECLSPEC_HIDDEN;
+extern ULONG_PTR highest_user_address DECLSPEC_HIDDEN;
 extern ULONG_PTR default_zero_bits DECLSPEC_HIDDEN;
 extern SYSTEM_DLL_INIT_BLOCK *pLdrSystemDllInitBlock DECLSPEC_HIDDEN;