Commit 2ae6f4bd authored by Alexandre Julliard

Fixed bitmap range checking to avoid integer overflows.

parent e7fd6fd2
...@@ -98,7 +98,7 @@ VOID WINAPI RtlInitializeBitMap(PRTL_BITMAP lpBits, LPBYTE lpBuff, ULONG ulSize) ...@@ -98,7 +98,7 @@ VOID WINAPI RtlInitializeBitMap(PRTL_BITMAP lpBits, LPBYTE lpBuff, ULONG ulSize)
VOID WINAPI RtlSetAllBits(PRTL_BITMAP lpBits) VOID WINAPI RtlSetAllBits(PRTL_BITMAP lpBits)
{ {
TRACE("(%p)\n", lpBits); TRACE("(%p)\n", lpBits);
memset(lpBits->BitMapBuffer, 0xff, ((lpBits->SizeOfBitMap + 31) & 0xffffffe0) >> 3); memset(lpBits->BitMapBuffer, 0xff, ((lpBits->SizeOfBitMap + 31) & ~31) >> 3);
} }
/************************************************************************* /*************************************************************************
...@@ -116,7 +116,7 @@ VOID WINAPI RtlSetAllBits(PRTL_BITMAP lpBits) ...@@ -116,7 +116,7 @@ VOID WINAPI RtlSetAllBits(PRTL_BITMAP lpBits)
VOID WINAPI RtlClearAllBits(PRTL_BITMAP lpBits) VOID WINAPI RtlClearAllBits(PRTL_BITMAP lpBits)
{ {
TRACE("(%p)\n", lpBits); TRACE("(%p)\n", lpBits);
memset(lpBits->BitMapBuffer, 0, ((lpBits->SizeOfBitMap + 31) & 0xffffffe0) >> 3); memset(lpBits->BitMapBuffer, 0, ((lpBits->SizeOfBitMap + 31) & ~31) >> 3);
} }
/************************************************************************* /*************************************************************************
...@@ -138,7 +138,9 @@ VOID WINAPI RtlSetBits(PRTL_BITMAP lpBits, ULONG ulStart, ULONG ulCount) ...@@ -138,7 +138,9 @@ VOID WINAPI RtlSetBits(PRTL_BITMAP lpBits, ULONG ulStart, ULONG ulCount)
TRACE("(%p,%ld,%ld)\n", lpBits, ulStart, ulCount); TRACE("(%p,%ld,%ld)\n", lpBits, ulStart, ulCount);
if (!lpBits || !ulCount || ulStart + ulCount > lpBits->SizeOfBitMap) if (!lpBits || !ulCount ||
ulStart >= lpBits->SizeOfBitMap ||
ulCount > lpBits->SizeOfBitMap - ulStart)
return; return;
lpOut = lpBits->BitMapBuffer + (ulStart >> 3u); lpOut = lpBits->BitMapBuffer + (ulStart >> 3u);
...@@ -193,7 +195,9 @@ VOID WINAPI RtlClearBits(PRTL_BITMAP lpBits, ULONG ulStart, ULONG ulCount) ...@@ -193,7 +195,9 @@ VOID WINAPI RtlClearBits(PRTL_BITMAP lpBits, ULONG ulStart, ULONG ulCount)
TRACE("(%p,%ld,%ld)\n", lpBits, ulStart, ulCount); TRACE("(%p,%ld,%ld)\n", lpBits, ulStart, ulCount);
if (!lpBits || !ulCount || ulStart + ulCount > lpBits->SizeOfBitMap) if (!lpBits || !ulCount ||
ulStart >= lpBits->SizeOfBitMap ||
ulCount > lpBits->SizeOfBitMap - ulStart)
return; return;
lpOut = lpBits->BitMapBuffer + (ulStart >> 3u); lpOut = lpBits->BitMapBuffer + (ulStart >> 3u);
...@@ -251,7 +255,9 @@ BOOLEAN WINAPI RtlAreBitsSet(PCRTL_BITMAP lpBits, ULONG ulStart, ULONG ulCount) ...@@ -251,7 +255,9 @@ BOOLEAN WINAPI RtlAreBitsSet(PCRTL_BITMAP lpBits, ULONG ulStart, ULONG ulCount)
TRACE("(%p,%ld,%ld)\n", lpBits, ulStart, ulCount); TRACE("(%p,%ld,%ld)\n", lpBits, ulStart, ulCount);
if (!lpBits || !ulCount || ulStart + ulCount > lpBits->SizeOfBitMap) if (!lpBits || !ulCount ||
ulStart >= lpBits->SizeOfBitMap ||
ulCount > lpBits->SizeOfBitMap - ulStart)
return FALSE; return FALSE;
lpOut = lpBits->BitMapBuffer + (ulStart >> 3u); lpOut = lpBits->BitMapBuffer + (ulStart >> 3u);
...@@ -319,7 +325,9 @@ BOOLEAN WINAPI RtlAreBitsClear(PCRTL_BITMAP lpBits, ULONG ulStart, ULONG ulCount ...@@ -319,7 +325,9 @@ BOOLEAN WINAPI RtlAreBitsClear(PCRTL_BITMAP lpBits, ULONG ulStart, ULONG ulCount
TRACE("(%p,%ld,%ld)\n", lpBits, ulStart, ulCount); TRACE("(%p,%ld,%ld)\n", lpBits, ulStart, ulCount);
if (!lpBits || !ulCount || ulStart + ulCount > lpBits->SizeOfBitMap) if (!lpBits || !ulCount ||
ulStart >= lpBits->SizeOfBitMap ||
ulCount > lpBits->SizeOfBitMap - ulStart)
return FALSE; return FALSE;
lpOut = lpBits->BitMapBuffer + (ulStart >> 3u); lpOut = lpBits->BitMapBuffer + (ulStart >> 3u);
...@@ -383,7 +391,7 @@ ULONG WINAPI RtlFindSetBits(PCRTL_BITMAP lpBits, ULONG ulCount, ULONG ulHint) ...@@ -383,7 +391,7 @@ ULONG WINAPI RtlFindSetBits(PCRTL_BITMAP lpBits, ULONG ulCount, ULONG ulHint)
TRACE("(%p,%ld,%ld)\n", lpBits, ulCount, ulHint); TRACE("(%p,%ld,%ld)\n", lpBits, ulCount, ulHint);
if (!lpBits || !ulCount || ulCount > lpBits->SizeOfBitMap) if (!lpBits || !ulCount || ulCount > lpBits->SizeOfBitMap)
return -1u; return ~0UL;
ulEnd = lpBits->SizeOfBitMap; ulEnd = lpBits->SizeOfBitMap;
...@@ -407,7 +415,7 @@ ULONG WINAPI RtlFindSetBits(PCRTL_BITMAP lpBits, ULONG ulCount, ULONG ulHint) ...@@ -407,7 +415,7 @@ ULONG WINAPI RtlFindSetBits(PCRTL_BITMAP lpBits, ULONG ulCount, ULONG ulHint)
else else
ulPos++; ulPos++;
} }
return -1u; return ~0UL;
} }
/************************************************************************* /*************************************************************************
...@@ -430,7 +438,7 @@ ULONG WINAPI RtlFindClearBits(PCRTL_BITMAP lpBits, ULONG ulCount, ULONG ulHint) ...@@ -430,7 +438,7 @@ ULONG WINAPI RtlFindClearBits(PCRTL_BITMAP lpBits, ULONG ulCount, ULONG ulHint)
TRACE("(%p,%ld,%ld)\n", lpBits, ulCount, ulHint); TRACE("(%p,%ld,%ld)\n", lpBits, ulCount, ulHint);
if (!lpBits || !ulCount || ulCount > lpBits->SizeOfBitMap) if (!lpBits || !ulCount || ulCount > lpBits->SizeOfBitMap)
return -1u; return ~0UL;
ulEnd = lpBits->SizeOfBitMap; ulEnd = lpBits->SizeOfBitMap;
...@@ -454,7 +462,7 @@ ULONG WINAPI RtlFindClearBits(PCRTL_BITMAP lpBits, ULONG ulCount, ULONG ulHint) ...@@ -454,7 +462,7 @@ ULONG WINAPI RtlFindClearBits(PCRTL_BITMAP lpBits, ULONG ulCount, ULONG ulHint)
else else
ulPos++; ulPos++;
} }
return -1u; return ~0UL;
} }
/************************************************************************* /*************************************************************************
...@@ -477,7 +485,7 @@ ULONG WINAPI RtlFindSetBitsAndClear(PRTL_BITMAP lpBits, ULONG ulCount, ULONG ulH ...@@ -477,7 +485,7 @@ ULONG WINAPI RtlFindSetBitsAndClear(PRTL_BITMAP lpBits, ULONG ulCount, ULONG ulH
TRACE("(%p,%ld,%ld)\n", lpBits, ulCount, ulHint); TRACE("(%p,%ld,%ld)\n", lpBits, ulCount, ulHint);
ulPos = RtlFindSetBits(lpBits, ulCount, ulHint); ulPos = RtlFindSetBits(lpBits, ulCount, ulHint);
if (ulPos != -1u) if (ulPos != ~0UL)
RtlClearBits(lpBits, ulPos, ulCount); RtlClearBits(lpBits, ulPos, ulCount);
return ulPos; return ulPos;
} }
...@@ -502,7 +510,7 @@ ULONG WINAPI RtlFindClearBitsAndSet(PRTL_BITMAP lpBits, ULONG ulCount, ULONG ulH ...@@ -502,7 +510,7 @@ ULONG WINAPI RtlFindClearBitsAndSet(PRTL_BITMAP lpBits, ULONG ulCount, ULONG ulH
TRACE("(%p,%ld,%ld)\n", lpBits, ulCount, ulHint); TRACE("(%p,%ld,%ld)\n", lpBits, ulCount, ulHint);
ulPos = RtlFindClearBits(lpBits, ulCount, ulHint); ulPos = RtlFindClearBits(lpBits, ulCount, ulHint);
if (ulPos != -1u) if (ulPos != ~0UL)
RtlSetBits(lpBits, ulPos, ulCount); RtlSetBits(lpBits, ulPos, ulCount);
return ulPos; return ulPos;
} }
...@@ -707,7 +715,7 @@ static ULONG NTDLL_FindSetRun(PCRTL_BITMAP lpBits, ULONG ulStart, PULONG lpSize) ...@@ -707,7 +715,7 @@ static ULONG NTDLL_FindSetRun(PCRTL_BITMAP lpBits, ULONG ulStart, PULONG lpSize)
ulStart = (ulStart & ~7u) + 8; ulStart = (ulStart & ~7u) + 8;
lpOut++; lpOut++;
if (ulStart >= lpBits->SizeOfBitMap) if (ulStart >= lpBits->SizeOfBitMap)
return -1u; return ~0UL;
} }
/* Count blocks of 8 set bits */ /* Count blocks of 8 set bits */
...@@ -795,7 +803,7 @@ static ULONG NTDLL_FindClearRun(PCRTL_BITMAP lpBits, ULONG ulStart, PULONG lpSiz ...@@ -795,7 +803,7 @@ static ULONG NTDLL_FindClearRun(PCRTL_BITMAP lpBits, ULONG ulStart, PULONG lpSiz
ulStart = (ulStart & ~7u) + 8; ulStart = (ulStart & ~7u) + 8;
lpOut++; lpOut++;
if (ulStart >= lpBits->SizeOfBitMap) if (ulStart >= lpBits->SizeOfBitMap)
return -1u; return ~0UL;
} }
/* Count blocks of 8 clear bits */ /* Count blocks of 8 clear bits */
...@@ -938,14 +946,14 @@ static ULONG WINAPI NTDLL_FindRuns(PCRTL_BITMAP lpBits, PRTL_BITMAP_RUN lpSeries ...@@ -938,14 +946,14 @@ static ULONG WINAPI NTDLL_FindRuns(PCRTL_BITMAP lpBits, PRTL_BITMAP_RUN lpSeries
TRACE("(%p,%p,%ld,%d)\n", lpBits, lpSeries, ulCount, bLongest); TRACE("(%p,%p,%ld,%d)\n", lpBits, lpSeries, ulCount, bLongest);
if (!ulCount) if (!ulCount)
return -1u; return ~0UL;
while (ulPos < lpBits->SizeOfBitMap) while (ulPos < lpBits->SizeOfBitMap)
{ {
/* Find next set/clear run */ /* Find next set/clear run */
ULONG ulSize, ulNextPos = fn(lpBits, ulPos, &ulSize); ULONG ulSize, ulNextPos = fn(lpBits, ulPos, &ulSize);
if (ulNextPos == -1u) if (ulNextPos == ~0UL)
break; break;
if (bLongest && ulRuns == ulCount) if (bLongest && ulRuns == ulCount)
......
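Review bot: The failure sentinel is now spelled `~0UL` in the returns and in the comparisons `if (ulPos != ~0UL)` (RtlFindSetBitsAndClear, RtlFindClearBitsAndSet) and `if (ulNextPos == ~0UL)` (NTDLL_FindRuns), which is only correct while ULONG is as wide as unsigned long. ULONG's definition is not visible here, but on a target where it is 32 bits and unsigned long is 64 the returned value truncates to 0xffffffff and these comparisons never match, so the failure value would be handed to RtlClearBits/RtlSetBits as a start index, where only the new `ulStart >= lpBits->SizeOfBitMap` guard stops it. Writing the constant as `~(ULONG)0`, or as one named macro used at every site, keeps the sentinel tied to the type. Separately, with a 32-bit ULONG the `lpBits->SizeOfBitMap + 31` in RtlSetAllBits and RtlClearAllBits can still wrap for sizes above 0xffffffe0, and those two functions dereference lpBits without the NULL check the range functions have; a comment stating the assumed size bound would make that explicit. Most of the other function bodies continue outside the hunks shown.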