ntdll: Validate len in NtQueryVirtualMemory.

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=45632Signed-off-by: Gijs Vermeulen <gijsvrm@gmail.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

ntdll: Validate len in NtQueryVirtualMemory.
d2d52717 · Gijs Vermeulen · Alexandre Julliard · 9a6fcdf4 · d2d52717 · d2d52717
Commit d2d52717 authored Feb 18, 2019 by Gijs Vermeulen Committed by Alexandre Julliard Feb 18, 2019
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

info.c dlls/ntdll/tests/info.c +3 -0

virtual.c dlls/ntdll/virtual.c +3 -0

No files found.
--- a/dlls/ntdll/tests/info.c
+++ b/dlls/ntdll/tests/info.c
@@ -2005,6 +2005,9 @@ static void test_queryvirtualmemory(void)
    /* check error code when addr is higher than working set limit */
    status = pNtQueryVirtualMemory(NtCurrentProcess(), (void *)~0, MemoryBasicInformation, &mbi, sizeof(mbi), &readcount);
    ok(status == STATUS_INVALID_PARAMETER, "Expected STATUS_INVALID_PARAMETER, got %08x\n", status);
+    /* check error code when len is less than MEMORY_BASIC_INFORMATION size */
+    status = pNtQueryVirtualMemory(NtCurrentProcess(), GetProcessHeap(), MemoryBasicInformation, &mbi, sizeof(MEMORY_BASIC_INFORMATION) - 1, &readcount);
+    ok(status == STATUS_INFO_LENGTH_MISMATCH, "Expected STATUS_INFO_LENGTH_MISMATCH, got %08x\n", status);
 }
 static void test_affinity(void)

--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@@ -2820,6 +2820,9 @@ NTSTATUS WINAPI NtQueryVirtualMemory( HANDLE process, LPCVOID addr,
        }
    }
+    if (len < sizeof(MEMORY_BASIC_INFORMATION))
+        return STATUS_INFO_LENGTH_MISMATCH;
    if (process != NtCurrentProcess())
    {
        NTSTATUS status;