[Wine-patches] [eterhack] ntdll: Prevent sbis.exe crash (eterbug #7692).

Alexander Morozov amorozov на etersoft.ru
Ср Окт 5 17:01:29 MSD 2011


----------- следующая часть -----------
From 4ddd83ba0cf72eb2d1c8f347f3af653b5ec044ad Mon Sep 17 00:00:00 2001
From: Alexander Morozov <amorozov на etersoft.ru>
Date: Wed, 5 Oct 2011 16:40:20 +0400
Subject: [eterhack] ntdll: Prevent sbis.exe crash (eterbug #7692).

---
 dlls/ntdll/heap.c |   13 +++++++++++++
 1 files changed, 13 insertions(+), 0 deletions(-)

diff --git a/dlls/ntdll/heap.c b/dlls/ntdll/heap.c
index 2e945e9..8bb6006 100644
--- a/dlls/ntdll/heap.c
+++ b/dlls/ntdll/heap.c
@@ -102,6 +102,8 @@ C_ASSERT( sizeof(ARENA_LARGE) % LARGE_ALIGNMENT == 0 );
 #define QUIET                  1           /* Suppress messages  */
 #define NOISY                  0           /* Report all errors  */
 
+#define ETERSOFT_MEM_OFFSET    4
+
 /* minimum data size (without arenas) of an allocated block */
 /* make sure that it's larger than a free list entry */
 #define HEAP_MIN_DATA_SIZE    ROUND_SIZE(2 * sizeof(struct list))
@@ -1651,6 +1653,7 @@ PVOID WINAPI RtlAllocateHeap( HANDLE heap, ULONG flags, SIZE_T size )
     if (!heapPtr) return NULL;
     flags &= HEAP_GENERATE_EXCEPTIONS | HEAP_NO_SERIALIZE | HEAP_ZERO_MEMORY;
     flags |= heapPtr->flags;
+    size += ETERSOFT_MEM_OFFSET;
     rounded_size = ROUND_SIZE(size) + HEAP_TAIL_EXTRA_SIZE( flags );
     if (rounded_size < size)  /* overflow */
     {
@@ -1666,6 +1669,7 @@ PVOID WINAPI RtlAllocateHeap( HANDLE heap, ULONG flags, SIZE_T size )
         void *ret = allocate_large_block( heap, flags, size );
         if (!(flags & HEAP_NO_SERIALIZE)) RtlLeaveCriticalSection( &heapPtr->critSection );
         if (!ret && (flags & HEAP_GENERATE_EXCEPTIONS)) RtlRaiseStatus( STATUS_NO_MEMORY );
+        ret = (char *)ret + ETERSOFT_MEM_OFFSET;
         TRACE("(%p,%08x,%08lx): returning %p\n", heap, flags, size, ret );
         return ret;
     }
@@ -1704,6 +1708,7 @@ PVOID WINAPI RtlAllocateHeap( HANDLE heap, ULONG flags, SIZE_T size )
 
     if (!(flags & HEAP_NO_SERIALIZE)) RtlLeaveCriticalSection( &heapPtr->critSection );
 
+    pInUse = (void *)((char *)pInUse + ETERSOFT_MEM_OFFSET);
     TRACE("(%p,%08x,%08lx): returning %p\n", heap, flags, size, pInUse + 1 );
     return pInUse + 1;
 }
@@ -1744,6 +1749,8 @@ BOOLEAN WINAPI RtlFreeHeap( HANDLE heap, ULONG flags, PVOID ptr )
     flags |= heapPtr->flags;
     if (!(flags & HEAP_NO_SERIALIZE)) RtlEnterCriticalSection( &heapPtr->critSection );
 
+    ptr = (char *)ptr - ETERSOFT_MEM_OFFSET;
+
     /* Inform valgrind we are trying to free memory, so it can throw up an error message */
     notify_free( ptr );
 
@@ -1805,6 +1812,9 @@ PVOID WINAPI RtlReAllocateHeap( HANDLE heap, ULONG flags, PVOID ptr, SIZE_T size
     flags |= heapPtr->flags;
     if (!(flags & HEAP_NO_SERIALIZE)) RtlEnterCriticalSection( &heapPtr->critSection );
 
+    size += ETERSOFT_MEM_OFFSET;
+    ptr = (char *)ptr - ETERSOFT_MEM_OFFSET;
+
     rounded_size = ROUND_SIZE(size) + HEAP_TAIL_EXTRA_SIZE(flags);
     if (rounded_size < size) goto oom;  /* overflow */
     if (rounded_size < HEAP_MIN_DATA_SIZE) rounded_size = HEAP_MIN_DATA_SIZE;
@@ -1905,6 +1915,7 @@ PVOID WINAPI RtlReAllocateHeap( HANDLE heap, ULONG flags, PVOID ptr, SIZE_T size
     ret = pArena + 1;
 done:
     if (!(flags & HEAP_NO_SERIALIZE)) RtlLeaveCriticalSection( &heapPtr->critSection );
+    ret = (char *)ret + ETERSOFT_MEM_OFFSET;
     TRACE("(%p,%08x,%p,%08lx): returning %p\n", heap, flags, ptr, size, ret );
     return ret;
 
@@ -2021,6 +2032,7 @@ SIZE_T WINAPI RtlSizeHeap( HANDLE heap, ULONG flags, const void *ptr )
     flags |= heapPtr->flags;
     if (!(flags & HEAP_NO_SERIALIZE)) RtlEnterCriticalSection( &heapPtr->critSection );
 
+    ptr = (char *)ptr - ETERSOFT_MEM_OFFSET;
     pArena = (const ARENA_INUSE *)ptr - 1;
     if (!validate_block_pointer( heapPtr, &subheap, pArena ))
     {
@@ -2038,6 +2050,7 @@ SIZE_T WINAPI RtlSizeHeap( HANDLE heap, ULONG flags, const void *ptr )
     }
     if (!(flags & HEAP_NO_SERIALIZE)) RtlLeaveCriticalSection( &heapPtr->critSection );
 
+    ret -= ETERSOFT_MEM_OFFSET;
     TRACE("(%p,%08x,%p): returning %08lx\n", heap, flags, ptr, ret );
     return ret;
 }
-- 
1.7.6.1



Подробная информация о списке рассылки Wine-patches