From d42555ad59db5479dc65c8b937199d8ab2d385ec Mon Sep 17 00:00:00 2001
From: Timo Kreuzer <timo.kreuzer@reactos.org>
Date: Mon, 21 Oct 2019 00:36:14 +0200
Subject: [PATCH] [0.4.10][NTOS] Fix a regression in the PE loader CORE-11717

which caused images to be loaded up to MmHighestUserAddress,
thus overwriting the shared user page.

This is now fixed by using MM_HIGHEST_VAD_ADDRESS as the margin instead.
This commit allows again to load WIN32K.sys of Win2K3SP2
which regressed by SVN 67793 == git
3565260212c7b6f12a0fc74dc86aa84ab5590002

fix cherry picked from commit 0.4.14-dev-143-g
56da95671ce87fc3c9fffbf33f411759ce330e49
---
 ntoskrnl/mm/section.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ntoskrnl/mm/section.c b/ntoskrnl/mm/section.c
index 9bf9f3cd508..3e2f31ffa93 100644
--- a/ntoskrnl/mm/section.c
+++ b/ntoskrnl/mm/section.c
@@ -4550,11 +4550,11 @@ MmMapViewOfSection(IN PVOID SectionObject,
         ImageSectionObject->ImageInformation.ImageFileSize = (ULONG)ImageSize;
 
         /* Check for an illegal base address */
-        if (((ImageBase + ImageSize) > (ULONG_PTR)MmHighestUserAddress) ||
+        if (((ImageBase + ImageSize) > (ULONG_PTR)MM_HIGHEST_VAD_ADDRESS) ||
                 ((ImageBase + ImageSize) < ImageSize))
         {
             ASSERT(*BaseAddress == NULL);
-            ImageBase = ALIGN_DOWN_BY((ULONG_PTR)MmHighestUserAddress - ImageSize,
+            ImageBase = ALIGN_DOWN_BY((ULONG_PTR)MM_HIGHEST_VAD_ADDRESS - ImageSize,
                                       MM_VIRTMEM_GRANULARITY);
             NotAtBase = TRUE;
         }
-- 
2.17.1