Fix ProbeForRead. It wasn't ever checking if memory can be accessed. Thanks to big...

svn path=/trunk/; revision=51108

diff --git a/reactos/ntoskrnl/ex/exintrin.c b/reactos/ntoskrnl/ex/exintrin.c
index 0d98379..3e9d5c3 100644 (file)
--- a/reactos/ntoskrnl/ex/exintrin.c
+++ b/reactos/ntoskrnl/ex/exintrin.c
@@ -103,6 +103,8 @@ ProbeForRead(IN CONST VOID *Address,
              IN SIZE_T Length,
              IN ULONG Alignment)
 {
+       ULONG_PTR Last, Current = (ULONG_PTR)Address;
+       CHAR Temp;
     PAGED_CODE();
 
     /* Only probe if we have a valid length */
@@ -115,18 +117,31 @@ ProbeForRead(IN CONST VOID *Address,
                (Alignment == 8) ||
                (Alignment == 16));
 
-        /* Check for correct alignment */
-        if (((ULONG_PTR)Address & (Alignment - 1)) != 0)
+        /* Check the alignment */
+        if ((Current & (Alignment - 1)) != 0)
         {
             /* Incorrect alignment */
             ExRaiseDatatypeMisalignment();
         }
-        else if (((ULONG_PTR)Address + Length) < (ULONG_PTR)Address ||
-                 ((ULONG_PTR)Address + Length) > (ULONG_PTR)MmUserProbeAddress)
+        
+        /* Get the end address */
+        Last = Current + Length - 1;
+        if ((Last < Current) || (Last >= (ULONG_PTR)MmUserProbeAddress))
         {
-            /* Attempt a read */
-            *(volatile CHAR* const)MmUserProbeAddress = 0;
+            /* Raise an access violation */
+            ExRaiseAccessViolation();
         }
+
+        /* Round down to the last page */
+        Last = PAGE_ROUND_DOWN(Last) + PAGE_SIZE;
+        do
+        {
+            /* Attempt a read */
+            Temp = *(volatile CHAR*)Current;
+
+            /* Go to the next address */
+            Current = PAGE_ROUND_DOWN(Current) + PAGE_SIZE;
+        } while (Current != Last);
     }
 }