[Wine-patches] [eterhack] ntdll: Prevent sbis.exe crash (eterbug #7692).
Alexander Morozov
amorozov на etersoft.ru
Ср Окт 5 17:01:29 MSD 2011
----------- следующая часть -----------
From 4ddd83ba0cf72eb2d1c8f347f3af653b5ec044ad Mon Sep 17 00:00:00 2001
From: Alexander Morozov <amorozov на etersoft.ru>
Date: Wed, 5 Oct 2011 16:40:20 +0400
Subject: [eterhack] ntdll: Prevent sbis.exe crash (eterbug #7692).
---
dlls/ntdll/heap.c | 13 +++++++++++++
1 files changed, 13 insertions(+), 0 deletions(-)
diff --git a/dlls/ntdll/heap.c b/dlls/ntdll/heap.c
index 2e945e9..8bb6006 100644
--- a/dlls/ntdll/heap.c
+++ b/dlls/ntdll/heap.c
@@ -102,6 +102,8 @@ C_ASSERT( sizeof(ARENA_LARGE) % LARGE_ALIGNMENT == 0 );
#define QUIET 1 /* Suppress messages */
#define NOISY 0 /* Report all errors */
+#define ETERSOFT_MEM_OFFSET 4
+
/* minimum data size (without arenas) of an allocated block */
/* make sure that it's larger than a free list entry */
#define HEAP_MIN_DATA_SIZE ROUND_SIZE(2 * sizeof(struct list))
@@ -1651,6 +1653,7 @@ PVOID WINAPI RtlAllocateHeap( HANDLE heap, ULONG flags, SIZE_T size )
if (!heapPtr) return NULL;
flags &= HEAP_GENERATE_EXCEPTIONS | HEAP_NO_SERIALIZE | HEAP_ZERO_MEMORY;
flags |= heapPtr->flags;
+ size += ETERSOFT_MEM_OFFSET;
rounded_size = ROUND_SIZE(size) + HEAP_TAIL_EXTRA_SIZE( flags );
if (rounded_size < size) /* overflow */
{
@@ -1666,6 +1669,7 @@ PVOID WINAPI RtlAllocateHeap( HANDLE heap, ULONG flags, SIZE_T size )
void *ret = allocate_large_block( heap, flags, size );
if (!(flags & HEAP_NO_SERIALIZE)) RtlLeaveCriticalSection( &heapPtr->critSection );
if (!ret && (flags & HEAP_GENERATE_EXCEPTIONS)) RtlRaiseStatus( STATUS_NO_MEMORY );
+ ret = (char *)ret + ETERSOFT_MEM_OFFSET;
TRACE("(%p,%08x,%08lx): returning %p\n", heap, flags, size, ret );
return ret;
}
@@ -1704,6 +1708,7 @@ PVOID WINAPI RtlAllocateHeap( HANDLE heap, ULONG flags, SIZE_T size )
if (!(flags & HEAP_NO_SERIALIZE)) RtlLeaveCriticalSection( &heapPtr->critSection );
+ pInUse = (void *)((char *)pInUse + ETERSOFT_MEM_OFFSET);
TRACE("(%p,%08x,%08lx): returning %p\n", heap, flags, size, pInUse + 1 );
return pInUse + 1;
}
@@ -1744,6 +1749,8 @@ BOOLEAN WINAPI RtlFreeHeap( HANDLE heap, ULONG flags, PVOID ptr )
flags |= heapPtr->flags;
if (!(flags & HEAP_NO_SERIALIZE)) RtlEnterCriticalSection( &heapPtr->critSection );
+ ptr = (char *)ptr - ETERSOFT_MEM_OFFSET;
+
/* Inform valgrind we are trying to free memory, so it can throw up an error message */
notify_free( ptr );
@@ -1805,6 +1812,9 @@ PVOID WINAPI RtlReAllocateHeap( HANDLE heap, ULONG flags, PVOID ptr, SIZE_T size
flags |= heapPtr->flags;
if (!(flags & HEAP_NO_SERIALIZE)) RtlEnterCriticalSection( &heapPtr->critSection );
+ size += ETERSOFT_MEM_OFFSET;
+ ptr = (char *)ptr - ETERSOFT_MEM_OFFSET;
+
rounded_size = ROUND_SIZE(size) + HEAP_TAIL_EXTRA_SIZE(flags);
if (rounded_size < size) goto oom; /* overflow */
if (rounded_size < HEAP_MIN_DATA_SIZE) rounded_size = HEAP_MIN_DATA_SIZE;
@@ -1905,6 +1915,7 @@ PVOID WINAPI RtlReAllocateHeap( HANDLE heap, ULONG flags, PVOID ptr, SIZE_T size
ret = pArena + 1;
done:
if (!(flags & HEAP_NO_SERIALIZE)) RtlLeaveCriticalSection( &heapPtr->critSection );
+ ret = (char *)ret + ETERSOFT_MEM_OFFSET;
TRACE("(%p,%08x,%p,%08lx): returning %p\n", heap, flags, ptr, size, ret );
return ret;
@@ -2021,6 +2032,7 @@ SIZE_T WINAPI RtlSizeHeap( HANDLE heap, ULONG flags, const void *ptr )
flags |= heapPtr->flags;
if (!(flags & HEAP_NO_SERIALIZE)) RtlEnterCriticalSection( &heapPtr->critSection );
+ ptr = (char *)ptr - ETERSOFT_MEM_OFFSET;
pArena = (const ARENA_INUSE *)ptr - 1;
if (!validate_block_pointer( heapPtr, &subheap, pArena ))
{
@@ -2038,6 +2050,7 @@ SIZE_T WINAPI RtlSizeHeap( HANDLE heap, ULONG flags, const void *ptr )
}
if (!(flags & HEAP_NO_SERIALIZE)) RtlLeaveCriticalSection( &heapPtr->critSection );
+ ret -= ETERSOFT_MEM_OFFSET;
TRACE("(%p,%08x,%p): returning %08lx\n", heap, flags, ptr, ret );
return ret;
}
--
1.7.6.1
Подробная информация о списке рассылки Wine-patches