diff options
| author | midipix <writeonce@midipix.org> | 2024-01-24 01:48:07 +0000 |
|---|---|---|
| committer | midipix <writeonce@midipix.org> | 2024-01-24 02:11:15 +0000 |
| commit | b6fdb6cbaa88ccfe903a420b09e5d233f2f09d52 (patch) | |
| tree | 199b7413214372f49a15771e383d3fa5c86162d7 | |
| parent | 91299b6aa92cc9dcf2b93329d8f26a0e1e086e0d (diff) | |
| download | ntapi-b6fdb6cbaa88ccfe903a420b09e5d233f2f09d52.tar.bz2 ntapi-b6fdb6cbaa88ccfe903a420b09e5d233f2f09d52.tar.xz | |
__ntapi_tt_spawn_native_process(): refactor buffer size accounting.
| -rw-r--r-- | src/process/ntapi_tt_spawn_native_process.c | 24 |
1 files changed, 10 insertions, 14 deletions
diff --git a/src/process/ntapi_tt_spawn_native_process.c b/src/process/ntapi_tt_spawn_native_process.c index b69c2f1..56007e1 100644 --- a/src/process/ntapi_tt_spawn_native_process.c +++ b/src/process/ntapi_tt_spawn_native_process.c @@ -82,6 +82,7 @@ int32_t __stdcall __ntapi_tt_spawn_native_process(nt_spawn_process_params * spar wchar16_t ** pwarg; wchar16_t * wenv; wchar16_t * wch; + wchar16_t * wcap; void * hchild[2]; wchar16_t * imgbuf; uint32_t fsuspended; @@ -188,10 +189,12 @@ int32_t __stdcall __ntapi_tt_spawn_native_process(nt_spawn_process_params * spar imgname = (nt_unicode_string *)imgbuf; - /* argv, envp */ + /* imgbuf must remain intact until after creation of the child process */ buflen = rtblock.size; buflen -= sizeof(*rdata); + buflen -= __SPAWN_NATIVE_PROCESS_RUNTIME_BLOCK_IMGBUF_SIZE; + /* argv, envp */ if ((status = __ntapi->tt_array_copy_utf8( &rdata->argc, (const char **)sparams->argv, @@ -222,13 +225,11 @@ int32_t __stdcall __ntapi_tt_spawn_native_process(nt_spawn_process_params * spar pwarg = rdata->wenvp + rdata->envc + 1; wch = (wchar16_t *)pwarg; - if ((written = (uintptr_t)wch - (uintptr_t)rdata) > rtblock.size) - return __tt_spawn_return( - &rtblock,himgfile,0,0, - NT_STATUS_BUFFER_TOO_SMALL); + wcap = (wchar16_t *)rtblock.addr; + wcap += rtblock.size / sizeof(wchar16_t); - buflen = rtblock.size; - buflen -= written; + buflen = (wcap - wch) * sizeof(wchar16_t); + buflen -= __SPAWN_NATIVE_PROCESS_RUNTIME_BLOCK_IMGBUF_SIZE; if ((status = __ntapi->tt_array_convert_utf8_to_utf16( rargv, @@ -239,7 +240,7 @@ int32_t __stdcall __ntapi_tt_spawn_native_process(nt_spawn_process_params * spar &rtblock,himgfile,0,0, status); - wch += written/sizeof(wchar16_t); + wch += written / sizeof(wchar16_t); buflen -= written; if ((status = __ntapi->tt_array_convert_utf8_to_utf16( @@ -255,7 +256,7 @@ int32_t __stdcall __ntapi_tt_spawn_native_process(nt_spawn_process_params * spar rdata->wenvp -= (uintptr_t)rtblock.addr / sizeof(wchar16_t *); wenv = wch; - wch += written/sizeof(wchar16_t); + wch += written / sizeof(wchar16_t); buflen -= written; /* w32 environment */ @@ -302,11 +303,6 @@ int32_t __stdcall __ntapi_tt_spawn_native_process(nt_spawn_process_params * spar buflen -= needed; } - if (buflen < __SPAWN_NATIVE_PROCESS_RUNTIME_BLOCK_IMGBUF_SIZE) - return __tt_spawn_return( - &rtblock,himgfile,0,0, - NT_STATUS_BUFFER_TOO_SMALL); - /* session */ if (sparams->hready) { if ((status = __ntapi->zw_duplicate_object( |