[NTOS:CC]
authorAleksandar Andrejevic <aandrejevic@reactos.org>
Fri, 7 Aug 2015 19:17:40 +0000 (19:17 +0000)
committerAleksandar Andrejevic <aandrejevic@reactos.org>
Fri, 7 Aug 2015 19:17:40 +0000 (19:17 +0000)
In CcCopyData, Buffer can be NULL during read/write operations.
[FASTFAT]
Use SEH to catch exceptions thrown by MmProbeAndLockPages.
Lock the user buffer before changing the file allocation size.

svn path=/trunk/; revision=68619

reactos/drivers/filesystems/fastfat/misc.c
reactos/drivers/filesystems/fastfat/rw.c
reactos/ntoskrnl/cc/copy.c

index 39e5896..a4bfac3 100644 (file)
@@ -364,7 +364,17 @@ VfatLockUserBuffer(
         return STATUS_INSUFFICIENT_RESOURCES;
     }
 
-    MmProbeAndLockPages(Irp->MdlAddress, Irp->RequestorMode, Operation);
+    _SEH2_TRY
+    {
+        MmProbeAndLockPages(Irp->MdlAddress, Irp->RequestorMode, Operation);
+    }
+    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+    {
+        IoFreeMdl(Irp->MdlAddress);
+        Irp->MdlAddress = NULL;
+        _SEH2_YIELD(return _SEH2_GetExceptionCode());
+    }
+    _SEH2_END;
 
     return STATUS_SUCCESS;
 }
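Review bot: The `_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)` handler frees `Irp->MdlAddress` unconditionally, which is only correct if this call allocated the MDL itself. The allocation, and any early return for an IRP that already carries an MDL, sit above the hunk and should be confirmed there. The handler deserves a comment saying why the MDL is freed and cleared, e.g. `/* Pages were never locked: release the MDL and clear the pointer so nothing later treats it as locked */`. The filter also accepts every exception code, not only the one an invalid user buffer raises, and returns it to the caller as the NTSTATUS.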
index 2ca5e70..e9a23db 100644 (file)
@@ -656,9 +656,9 @@ VfatRead(
     }
 
     Buffer = VfatGetUserBuffer(IrpContext->Irp, BooleanFlagOn(IrpContext->Irp->Flags, IRP_PAGING_IO));
-    if (!Buffer && IrpContext->Irp->MdlAddress)
+    Status = VfatLockUserBuffer(IrpContext->Irp, Length, IoWriteAccess);
+    if (!NT_SUCCESS(Status))
     {
-        Status = STATUS_INVALID_USER_BUFFER;
         goto ByeBye;
     }
 
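Review bot: `Buffer` is fetched on the line before `VfatLockUserBuffer` runs, and the `!Buffer && IrpContext->Irp->MdlAddress` rejection that followed it is gone, so a NULL `Buffer` now passes this point unchecked. If VfatGetUserBuffer maps the MDL when one exists (its body is not in this diff), an IRP arriving without an MDL leaves `Buffer` holding the caller's raw address rather than a mapping of the pages just locked. Consider calling `VfatLockUserBuffer` first and `VfatGetUserBuffer` afterwards. Unless a NULL buffer is meant to be accepted here, also keep a failure path such as `if (!Buffer) { Status = STATUS_INVALID_USER_BUFFER; goto ByeBye; }`. The same ordering appears in the VfatWrite hunk at `VfatLockUserBuffer(IrpContext->Irp, Length, IoReadAccess)`; both functions continue outside their hunks, so a later check may exist.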
@@ -716,12 +716,6 @@ VfatRead(
             Length = (ULONG)(ROUND_UP(Fcb->RFCB.FileSize.QuadPart, BytesPerSector) - ByteOffset.QuadPart);
         }
 
-        Status = VfatLockUserBuffer(IrpContext->Irp, Length, IoWriteAccess);
-        if (!NT_SUCCESS(Status))
-        {
-            goto ByeBye;
-        }
-
         Status = VfatReadFileData(IrpContext, Length, ByteOffset, &ReturnedLength);
         if (NT_SUCCESS(Status))
         {
@@ -927,13 +921,12 @@ VfatWrite(
     OldFileSize = Fcb->RFCB.FileSize;
 
     Buffer = VfatGetUserBuffer(IrpContext->Irp, BooleanFlagOn(IrpContext->Irp->Flags, IRP_PAGING_IO));
-    if (!Buffer && IrpContext->Irp->MdlAddress)
+    Status = VfatLockUserBuffer(IrpContext->Irp, Length, IoReadAccess);
+    if (!NT_SUCCESS(Status))
     {
-        Status = STATUS_INVALID_USER_BUFFER;
         goto ByeBye;
     }
 
-
     if (!(Fcb->Flags & (FCB_IS_FAT|FCB_IS_VOLUME)) &&
         !(IrpContext->Irp->Flags & IRP_PAGING_IO) &&
         ByteOffset.u.LowPart + Length > Fcb->RFCB.FileSize.u.LowPart)
@@ -999,12 +992,6 @@ VfatWrite(
             CcZeroData(IrpContext->FileObject, &OldFileSize, &ByteOffset, TRUE);
         }
 
-        Status = VfatLockUserBuffer(IrpContext->Irp, Length, IoReadAccess);
-        if (!NT_SUCCESS(Status))
-        {
-            goto ByeBye;
-        }
-
         Status = VfatWriteFileData(IrpContext, Length, ByteOffset);
         if (NT_SUCCESS(Status))
         {
index 6849fc4..e74862f 100644 (file)
@@ -284,7 +284,7 @@ CcCopyData (
         CurrentOffset += PartialLength;
         BytesCopied += PartialLength;
 
-        if (Buffer)
+        if (Operation != CcOperationZero)
             Buffer = (PVOID)((ULONG_PTR)Buffer + PartialLength);
     }
 
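Review bot: With the test changed from `if (Buffer)` to `if (Operation != CcOperationZero)`, a NULL `Buffer` in a read or write becomes a small non-NULL address after the first iteration, so any later NULL test on it no longer fires. The code that consumes `Buffer` is outside the hunk and should be checked for that. The reason for keying on the operation is stated only in the commit message, so a comment here would help, e.g. `/* Buffer may be NULL for read/write; only the zero operation ignores it */`. The body of the `if` is unbraced, and all of this applies equally to the second CcCopyData hunk.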
@@ -321,7 +321,7 @@ CcCopyData (
         CurrentOffset += PartialLength;
         BytesCopied += PartialLength;
 
-        if (Buffer)
+        if (Operation != CcOperationZero)
             Buffer = (PVOID)((ULONG_PTR)Buffer + PartialLength);
     }
     IoStatus->Status = STATUS_SUCCESS;