https://git.reactos.org/?p=reactos.git;a=commitdiff;h=aa46e0f0a7471dc86ec9118fa0f83736dd9de420
commit aa46e0f0a7471dc86ec9118fa0f83736dd9de420
Author: Timo Kreuzer <timo.kreu...@reactos.org>
AuthorDate: Fri Jan 31 11:30:50 2025 +0200
Commit: Timo Kreuzer <timo.kreu...@reactos.org>
CommitDate: Tue Feb 4 09:00:35 2025 +0200

[RTL/x64] Fix a bug in RtlpUnwindInternal

Check if the stack pointer is out of bounds, before trying to unwind a frame.
This will not fix any crashes, but it prevents simple crashes from going into a recursive exception.
---
 sdk/lib/rtl/amd64/unwind.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/sdk/lib/rtl/amd64/unwind.c b/sdk/lib/rtl/amd64/unwind.c
index 72393b9404b..3a438390cb6 100644
--- a/sdk/lib/rtl/amd64/unwind.c
+++ b/sdk/lib/rtl/amd64/unwind.c
@@ -649,6 +649,18 @@ Exit:
     return NULL;
 }
 
+static __inline
+BOOL
+RtlpIsStackPointerValid(
+    _In_ ULONG64 StackPointer,
+    _In_ ULONG64 LowLimit,
+    _In_ ULONG64 HighLimit)
+{
+    return (StackPointer >= LowLimit) &&
+           (StackPointer < HighLimit) &&
+           ((StackPointer & 7) == 0);
+}
+
 /*!
   \remark The implementation is based on the description in this blog:
   http://www.nynaeve.net/?p=106
@@ -699,6 +711,11 @@ RtlpUnwindInternal(
     /* Start looping */
     while (TRUE)
     {
+        if (!RtlpIsStackPointerValid(UnwindContext.Rsp, StackLow, StackHigh))
+        {
+            return FALSE;
+        }
+
         /* Lookup the FunctionEntry for the current RIP */
         FunctionEntry = RtlLookupFunctionEntry(UnwindContext.Rip, &ImageBase, NULL);
         if (FunctionEntry == NULL)
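Review bot: The new RtlpIsStackPointerValid helper has no comment stating its contract, and the three conditions it combines (low bound inclusive, high bound exclusive, 8-byte alignment) are exactly the kind of thing a later reader will want spelled out, since the check guards every stack read the unwinder performs in the loop below. I would add a short Doxygen block above the function: `/*! Sanity-checks a stack pointer before a frame is unwound: it must lie in [LowLimit, HighLimit) and be 8-byte aligned, as required for the return-address slot read by the unwinder. Returns FALSE for a corrupt or out-of-range RSP so the caller can abort instead of faulting. */`. It would also be worth noting that only RSP itself is validated; reads the unwind performs at larger offsets from it (e.g. frame-register based restores) are not covered by this check, which seems intentional given the description but should be stated.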
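Review bot: The early `return FALSE;` on an out-of-range RSP is indistinguishable to the caller from the other FALSE paths in the loop, so the original fault that corrupted the stack pointer leaves no trace once this guard trips. Given the stated goal of keeping a simple crash from turning into a recursive exception, a diagnostic on this path would make the first fault recoverable from a log; if the file already has ReactOS debug output available, a one-liner before the return such as `DPRINT1("RtlpUnwindInternal: RSP %p outside stack [%p, %p)\n", ...)` would do, otherwise a comment explaining why the failure is silent. Where StackLow and StackHigh come from is not visible in the hunk; presumably they are the thread's stack limits, and the comment on the check should say so. RtlpUnwindInternal's body starts and continues outside the hunk.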