ntdll: Check buffer for access in NtRead/WriteVirtualMemory.

This also triggers page faults needed for DIB section access and write watches.

ntdll: Check buffer for access in NtRead/WriteVirtualMemory.
858a7efd · Alexandre Julliard · e016d2ec · 858a7efd
Commit 858a7efd authored Jan 14, 2009 by Alexandre Julliard
Hide whitespace changes
Inline Side-by-side

Showing with 28 additions and 12 deletions

virtual.c dlls/ntdll/virtual.c +28 -12

No files found.
--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@@ -2615,14 +2615,22 @@ NTSTATUS WINAPI NtReadVirtualMemory( HANDLE process, const void *addr, void *buf
 {
    NTSTATUS status;
-    SERVER_START_REQ( read_process_memory )
+    if (virtual_check_buffer_for_write( buffer, size ))
    {
-        req->handle = wine_server_obj_handle( process );
+        SERVER_START_REQ( read_process_memory )
-        req->addr   = wine_server_client_ptr( addr );
+        {
-        wine_server_set_reply( req, buffer, size );
+            req->handle = wine_server_obj_handle( process );
-        if ((status = wine_server_call( req ))) size = 0;
+            req->addr   = wine_server_client_ptr( addr );
+            wine_server_set_reply( req, buffer, size );
+            if ((status = wine_server_call( req ))) size = 0;
+        }
+        SERVER_END_REQ;
+    }
+    else
+    {
+        status = STATUS_ACCESS_VIOLATION;
+        size = 0;
    }
-    SERVER_END_REQ;
    if (bytes_read) *bytes_read = size;
    return status;
 }
@@ -2637,14 +2645,22 @@ NTSTATUS WINAPI NtWriteVirtualMemory( HANDLE process, void *addr, const void *bu
 {
    NTSTATUS status;
-    SERVER_START_REQ( write_process_memory )
+    if (virtual_check_buffer_for_read( buffer, size ))
    {
-        req->handle     = wine_server_obj_handle( process );
+        SERVER_START_REQ( write_process_memory )
-        req->addr       = wine_server_client_ptr( addr );
+        {
-        wine_server_add_data( req, buffer, size );
+            req->handle     = wine_server_obj_handle( process );
-        if ((status = wine_server_call( req ))) size = 0;
+            req->addr       = wine_server_client_ptr( addr );
+            wine_server_add_data( req, buffer, size );
+            if ((status = wine_server_call( req ))) size = 0;
+        }
+        SERVER_END_REQ;
+    }
+    else
+    {
+        status = STATUS_PARTIAL_COPY;
+        size = 0;
    }
-    SERVER_END_REQ;
    if (bytes_written) *bytes_written = size;
    return status;
 }