Author: tfaber
Date: Thu Apr 24 17:19:20 2014
New Revision: 62958
URL: http://svn.reactos.org/svn/reactos?rev=62958&view=rev
Log:
[WIN32K]
- Reinstate ProbeForWrite call in MmCopyToCaller
CORE-8095 #resolve
Modified:
trunk/reactos/win32ss/user/ntuser/misc/copy.c
trunk/reactos/win32ss/user/ntuser/mmcopy.h
Modified: trunk/reactos/win32ss/user/ntuser/misc/copy.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/misc/copy.c?rev=62958&r1=62957&r2=62958&view=diff
==============================================================================
--- trunk/reactos/win32ss/user/ntuser/misc/copy.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/user/ntuser/misc/copy.c [iso-8859-1] Thu Apr 24
17:19:20 2014
@@ -1,12 +1,22 @@
#include "win32k.h"
-NTSTATUS _MmCopyFromCaller( PVOID Target, PVOID Source, UINT Bytes ) {
- NTSTATUS Status = STATUS_SUCCESS;
+_IRQL_requires_max_(APC_LEVEL)
+NTSTATUS
+_MmCopyFromCaller(
+ _Out_writes_bytes_all_(Bytes) PVOID Target,
+ _In_reads_bytes_(Bytes) PVOID Source,
+ _In_ UINT Bytes)
+{
+ NTSTATUS Status;
+ PAGED_CODE();
+ ASSERT(ExGetPreviousMode() == UserMode);
+
+ Status = STATUS_SUCCESS;
_SEH2_TRY
{
- ProbeForRead(Source,Bytes,1);
- RtlCopyMemory(Target,Source,Bytes);
+ ProbeForRead(Source, Bytes, 1);
+ RtlCopyMemory(Target, Source, Bytes);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
@@ -17,13 +27,23 @@
return Status;
}
-NTSTATUS _MmCopyToCaller( PVOID Target, PVOID Source, UINT Bytes ) {
- NTSTATUS Status = STATUS_SUCCESS;
+_IRQL_requires_max_(APC_LEVEL)
+NTSTATUS
+_MmCopyToCaller(
+ _Out_writes_bytes_all_(Bytes) PVOID Target,
+ _In_reads_bytes_(Bytes) PVOID Source,
+ _In_ UINT Bytes)
+{
+ NTSTATUS Status;
+ PAGED_CODE();
+ ASSERT(ExGetPreviousMode() == UserMode);
+
+ Status = STATUS_SUCCESS;
_SEH2_TRY
{
- /* ProbeForWrite(Target,Bytes,1); */
- RtlCopyMemory(Target,Source,Bytes);
+ ProbeForWrite(Target, Bytes, 1);
+ RtlCopyMemory(Target, Source, Bytes);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
Modified: trunk/reactos/win32ss/user/ntuser/mmcopy.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/mmcopy.h?rev=62958&r1=62957&r2=62958&view=diff
==============================================================================
--- trunk/reactos/win32ss/user/ntuser/mmcopy.h [iso-8859-1] (original)
+++ trunk/reactos/win32ss/user/ntuser/mmcopy.h [iso-8859-1] Thu Apr 24
17:19:20 2014
@@ -1,8 +1,19 @@
#pragma once
-NTSTATUS _MmCopyFromCaller( PVOID Target, PVOID Source, UINT Bytes );
-NTSTATUS _MmCopyToCaller( PVOID Target, PVOID Source, UINT Bytes );
+_IRQL_requires_max_(APC_LEVEL)
+NTSTATUS
+_MmCopyFromCaller(
+ _Out_writes_bytes_all_(Bytes) PVOID Target,
+ _In_reads_bytes_(Bytes) PVOID Source,
+ _In_ UINT Bytes);
+
+_IRQL_requires_max_(APC_LEVEL)
+NTSTATUS
+_MmCopyToCaller(
+ _Out_writes_bytes_all_(Bytes) PVOID Target,
+ _In_reads_bytes_(Bytes) PVOID Source,
+ _In_ UINT Bytes);
#define MmCopyFromCaller(x,y,z)
_MmCopyFromCaller((PCHAR)(x),(PCHAR)(y),(UINT)(z))
#define MmCopyToCaller(x,y,z) _MmCopyToCaller((PCHAR)(x),(PCHAR)(y),(UINT)(z))
