ntdll: Check buffer for access in NtRead/WriteVirtualMemory.

This also triggers page faults needed for DIB section access and write watches.
2025-01-22 11:54:47 +00:00 · 2009-01-14 20:36:27 +01:00 · 2009-01-14 20:36:27 +01:00 · 858a7efdd4
commit 858a7efdd4
parent e016d2ec5e
1 changed files with 28 additions and 12 deletions
--- a/dlls/ntdll/virtual.c
+++ b/dlls/ntdll/virtual.c
@ -2615,14 +2615,22 @@ NTSTATUS WINAPI NtReadVirtualMemory( HANDLE process, const void *addr, void *buf
 {
    NTSTATUS status;

-    SERVER_START_REQ( read_process_memory )
+    if (virtual_check_buffer_for_write( buffer, size ))
    {
-        req->handle = wine_server_obj_handle( process );
-        req->addr   = wine_server_client_ptr( addr );
-        wine_server_set_reply( req, buffer, size );
-        if ((status = wine_server_call( req ))) size = 0;
+        SERVER_START_REQ( read_process_memory )
+        {
+            req->handle = wine_server_obj_handle( process );
+            req->addr   = wine_server_client_ptr( addr );
+            wine_server_set_reply( req, buffer, size );
+            if ((status = wine_server_call( req ))) size = 0;
+        }
+        SERVER_END_REQ;
+    }
+    else
+    {
+        status = STATUS_ACCESS_VIOLATION;
+        size = 0;
    }
-    SERVER_END_REQ;
    if (bytes_read) *bytes_read = size;
    return status;
 }
@ -2637,14 +2645,22 @@ NTSTATUS WINAPI NtWriteVirtualMemory( HANDLE process, void *addr, const void *bu
 {
    NTSTATUS status;

-    SERVER_START_REQ( write_process_memory )
+    if (virtual_check_buffer_for_read( buffer, size ))
    {
-        req->handle     = wine_server_obj_handle( process );
-        req->addr       = wine_server_client_ptr( addr );
-        wine_server_add_data( req, buffer, size );
-        if ((status = wine_server_call( req ))) size = 0;
+        SERVER_START_REQ( write_process_memory )
+        {
+            req->handle     = wine_server_obj_handle( process );
+            req->addr       = wine_server_client_ptr( addr );
+            wine_server_add_data( req, buffer, size );
+            if ((status = wine_server_call( req ))) size = 0;
+        }
+        SERVER_END_REQ;
+    }
+    else
+    {
+        status = STATUS_PARTIAL_COPY;
+        size = 0;
    }
-    SERVER_END_REQ;
    if (bytes_written) *bytes_written = size;
    return status;
 }