Author: aandrejevic
Date: Wed Apr 22 12:13:14 2015
New Revision: 67347

URL: http://svn.reactos.org/svn/reactos?rev=67347&view=rev
Log:
[NTVDM]
Avoid array indexing with invalid indexes, always.


Modified:
    trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/emsdrv.c
    trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/himem.c

Modified: trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/emsdrv.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/emsdrv.c?rev=67347&r1=67346&r2=67347&view=diff
==============================================================================
--- trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/emsdrv.c  [iso-8859-1] 
(original)
+++ trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/emsdrv.c  [iso-8859-1] 
Wed Apr 22 12:13:14 2015
@@ -35,12 +35,18 @@
 
 /* PRIVATE FUNCTIONS 
**********************************************************/
 
+static PEMS_HANDLE GetHandleRecord(USHORT Handle)
+{
+    if (Handle >= EMS_MAX_HANDLES) return NULL;
+    return &HandleTable[Handle];
+}
+
 static USHORT EmsFree(USHORT Handle)
 {
     PLIST_ENTRY Entry;
-    PEMS_HANDLE HandleEntry = &HandleTable[Handle];
-
-    if (Handle >= EMS_MAX_HANDLES || !HandleEntry->Allocated)
+    PEMS_HANDLE HandleEntry = GetHandleRecord(Handle);
+
+    if (HandleEntry == NULL || !HandleEntry->Allocated)
     {
         return EMS_STATUS_INVALID_HANDLE;
     }
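Review bot: The new `GetHandleRecord` only range-checks `Handle`, so every caller still has to repeat `HandleEntry == NULL || !HandleEntry->Allocated` (here in `EmsFree`, and again in the `EmsMap` hunk and the source/destination handle hunks further down). The helper of the same name in himem.c also returns NULL for unused entries, so the two behave differently under one name. A header comment such as `/* Returns the slot for Handle, or NULL if Handle is out of range; the caller must still check ->Allocated */` would make that contract explicit. If no caller needs an unallocated slot (not visible from this diff), the `Allocated` test could move into the helper, so that a handle value that presumably comes from the DOS program cannot reach an unchecked record because one call site forgot the second test. `EmsFree` continues past the end of the hunk.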
@@ -131,7 +137,7 @@
 static USHORT EmsMap(USHORT Handle, UCHAR PhysicalPage, USHORT LogicalPage)
 {
     PEMS_PAGE PageEntry;
-    PEMS_HANDLE HandleEntry = &HandleTable[Handle];
+    PEMS_HANDLE HandleEntry = GetHandleRecord(Handle);
 
     if (PhysicalPage >= EMS_PHYSICAL_PAGES) return 
EMS_STATUS_INV_PHYSICAL_PAGE;
     if (LogicalPage == 0xFFFF)
@@ -141,7 +147,10 @@
         return EMS_STATUS_OK;
     }
 
-    if (Handle >= EMS_MAX_HANDLES || !HandleEntry->Allocated) return 
EMS_STATUS_INVALID_HANDLE;
+    if (HandleEntry == NULL || !HandleEntry->Allocated)
+    {
+        return EMS_STATUS_INVALID_HANDLE;
+    }
 
     PageEntry = GetLogicalPage(HandleEntry, LogicalPage);
     if (!PageEntry) return EMS_STATUS_INV_LOGICAL_PAGE; 
@@ -224,9 +233,9 @@
             if (Data->SourceType)
             {
                 /* Expanded memory */
-                HandleEntry = &HandleTable[Data->SourceHandle];
-
-                if (Data->SourceHandle >= EMS_MAX_HANDLES || 
!HandleEntry->Allocated)
+                HandleEntry = GetHandleRecord(Data->SourceHandle);
+
+                if (HandleEntry == NULL || !HandleEntry->Allocated)
                 {
                     setAL(EMS_STATUS_INVALID_HANDLE);
                     break;
@@ -253,9 +262,9 @@
             if (Data->DestType)
             {
                 /* Expanded memory */
-                HandleEntry = &HandleTable[Data->DestHandle];
-
-                if (Data->SourceHandle >= EMS_MAX_HANDLES || 
!HandleEntry->Allocated)
+                HandleEntry = GetHandleRecord(Data->DestHandle);
+
+                if (HandleEntry == NULL || !HandleEntry->Allocated)
                 {
                     setAL(EMS_STATUS_INVALID_HANDLE);
                     break;

Modified: trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/himem.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/himem.c?rev=67347&r1=67346&r2=67347&view=diff
==============================================================================
--- trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/himem.c   [iso-8859-1] 
(original)
+++ trunk/reactos/subsystems/mvdm/ntvdm/dos/dos32krnl/himem.c   [iso-8859-1] 
Wed Apr 22 12:13:14 2015
@@ -46,9 +46,10 @@
 
 static inline PXMS_HANDLE GetHandleRecord(WORD Handle)
 {
-    PXMS_HANDLE Entry = &HandleTable[Handle - 1];
+    PXMS_HANDLE Entry;
     if (Handle == 0 || Handle >= XMS_MAX_HANDLES) return NULL;
 
+    Entry = &HandleTable[Handle - 1];
     return Entry->Size ? Entry : NULL;
 }
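Review bot: The bound `Handle >= XMS_MAX_HANDLES` is paired with a 1-based index (`HandleTable[Handle - 1]`), so the handle value `XMS_MAX_HANDLES` is rejected and the last table slot can never be looked up. This assumes `HandleTable` has `XMS_MAX_HANDLES` entries; its declaration is outside the hunk. The check is safe for memory access, but if the allocation path can hand out that last slot, the resulting handle could never be resolved or freed. `if (Handle == 0 || Handle > XMS_MAX_HANDLES) return NULL;` would match the indexing; confirm against the allocator before changing it.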
 

