ReactOS  0.4.15-dev-1201-gb2cf5a4
Functions | Variables
StackOverflow.c File Reference
#include "precomp.h"
Include dependency graph for StackOverflow.c:

Go to the source code of this file.

Functions

static void infinite_recursive (void)
 
 START_TEST (StackOverflow)
 

Variables

static int iteration = 0
 
static PVOID StackAllocationBase
 
static PVOID LastStackAllocation
 
static ULONG StackSize
 

Function Documentation

◆ infinite_recursive()

static void infinite_recursive ( void  )
static

Definition at line 21 of file StackOverflow.c.

22 {
23  MEMORY_BASIC_INFORMATION MemoryBasicInfo;
24  NTSTATUS Status;
25  char Buffer[0x500];
26 
27  sprintf(Buffer, "Iteration %d.\n", iteration++);
28 
29  Status = NtQueryVirtualMemory(
30  NtCurrentProcess(),
31  &Buffer[0],
32  MemoryBasicInformation,
33  &MemoryBasicInfo,
34  sizeof(MemoryBasicInfo),
35  NULL);
36  ok_ntstatus(Status, STATUS_SUCCESS);
37  /* This never changes */
38  ok_ptr(MemoryBasicInfo.AllocationBase, StackAllocationBase);
39  /* Stack is committed one page at a time */
40  ok_ptr(MemoryBasicInfo.BaseAddress, (PVOID)PAGE_ROUND_DOWN(&Buffer[0]));
41  /* This is the protection of the memory when it was reserved. */
42  ok_long(MemoryBasicInfo.AllocationProtect, PAGE_READWRITE);
43  /* Windows commits the whole used stack at once, +2 pages. */
44 #if 0
45  ok_long(MemoryBasicInfo.RegionSize, ((ULONG_PTR)StackAllocationBase + StackSize + 2* PAGE_SIZE) - PAGE_ROUND_DOWN(&Buffer[0]));
46 #endif
47  /* This is the state of the queried address */
48  ok_long(MemoryBasicInfo.State, MEM_COMMIT);
49  /* This is the protection of the queried address */
50  ok_long(MemoryBasicInfo.Protect, PAGE_READWRITE);
51  /* Of course this is private memory. */
52  ok_long(MemoryBasicInfo.Type, MEM_PRIVATE);
53 
54  LastStackAllocation = &Buffer[-0x500];
55 
56  infinite_recursive();
57 }
_MEMORY_BASIC_INFORMATION::AllocationProtect
ULONG AllocationProtect
Definition: mmtypes.h:957
_MEMORY_BASIC_INFORMATION
Definition: mmtypes.h:953
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
iteration
static int iteration
Definition: StackOverflow.c:14
StackSize
static ULONG StackSize
Definition: StackOverflow.c:17
PAGE_ROUND_DOWN
#define PAGE_ROUND_DOWN(x)
Definition: mmtypes.h:36
NtQueryVirtualMemory
NTSTATUS NTAPI NtQueryVirtualMemory(IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN MEMORY_INFORMATION_CLASS MemoryInformationClass, OUT PVOID MemoryInformation, IN SIZE_T MemoryInformationLength, OUT PSIZE_T ReturnLength)
Definition: virtual.c:4284
ok_ptr
#define ok_ptr(expression, result)
Definition: atltest.h:108
ok_long
#define ok_long(expression, result)
Definition: atltest.h:133
MEM_COMMIT
#define MEM_COMMIT
Definition: nt_native.h:1313
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
sprintf
#define sprintf(buf, format,...)
Definition: sprintf.c:55
StackAllocationBase
static PVOID StackAllocationBase
Definition: StackOverflow.c:15
_MEMORY_BASIC_INFORMATION::State
ULONG State
Definition: mmtypes.h:959
NULL
smooth NULL
Definition: ftsmooth.c:416
Buffer
Definition: bufpool.h:45
NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657
_MEMORY_BASIC_INFORMATION::Type
ULONG Type
Definition: mmtypes.h:961
MEM_PRIVATE
#define MEM_PRIVATE
Definition: nt_native.h:1318
_MEMORY_BASIC_INFORMATION::BaseAddress
PVOID BaseAddress
Definition: mmtypes.h:955
infinite_recursive
static void infinite_recursive(void)
Definition: StackOverflow.c:21
LastStackAllocation
static PVOID LastStackAllocation
Definition: StackOverflow.c:16
_MEMORY_BASIC_INFORMATION::AllocationBase
PVOID AllocationBase
Definition: mmtypes.h:956
Status
Status
Definition: gdiplustypes.h:24
PAGE_SIZE
#define PAGE_SIZE
Definition: env_spec_w32.h:49
ok_ntstatus
#define ok_ntstatus(status, expected)
Definition: atltest.h:135
_MEMORY_BASIC_INFORMATION::Protect
ULONG Protect
Definition: mmtypes.h:960
_MEMORY_BASIC_INFORMATION::RegionSize
SIZE_T RegionSize
Definition: mmtypes.h:958
STATUS_SUCCESS
return STATUS_SUCCESS
Definition: btrfs.c:3014
PAGE_READWRITE
#define PAGE_READWRITE
Definition: nt_native.h:1304

Referenced by START_TEST().

◆ START_TEST()

START_TEST ( StackOverflow  )

Definition at line 59 of file StackOverflow.c.

60 {
61  NTSTATUS Status;
62  MEMORY_BASIC_INFORMATION MemoryBasicInfo;
63 
64  /* Get the base of the stack */
65  Status = NtQueryVirtualMemory(
66  NtCurrentProcess(),
67  &Status,
68  MemoryBasicInformation,
69  &MemoryBasicInfo,
70  sizeof(MemoryBasicInfo),
71  NULL);
72  ok_ntstatus(Status, STATUS_SUCCESS);
73  StackAllocationBase = MemoryBasicInfo.AllocationBase;
74  trace("Stack allocation base is %p.\n", StackAllocationBase);
75  StackSize = MemoryBasicInfo.RegionSize;
76 
77  /* Check TEB attributes */
78  ok_ptr(NtCurrentTeb()->DeallocationStack, StackAllocationBase);
79  ok_ptr(NtCurrentTeb()->NtTib.StackBase, (PVOID)((ULONG_PTR)MemoryBasicInfo.BaseAddress + MemoryBasicInfo.RegionSize));
80  ok_ptr(NtCurrentTeb()->NtTib.StackLimit, (PVOID)((ULONG_PTR)MemoryBasicInfo.BaseAddress - PAGE_SIZE));
81  trace("Guaranteed stack size is %lu.\n", NtCurrentTeb()->GuaranteedStackBytes);
82 
83  /* Get its size */
84  Status = NtQueryVirtualMemory(
85  NtCurrentProcess(),
86  StackAllocationBase,
87  MemoryBasicInformation,
88  &MemoryBasicInfo,
89  sizeof(MemoryBasicInfo),
90  NULL);
91  ok_ntstatus(Status, STATUS_SUCCESS);
92 
93  /* This is the complete stack size */
94  StackSize += MemoryBasicInfo.RegionSize;
95  trace("Stack size is 0x%lx.\n", StackSize);
96 
97  trace("Stack limit %p, stack base %p.\n", NtCurrentTeb()->NtTib.StackLimit, NtCurrentTeb()->NtTib.StackBase);
98 
99  /* Take a look at what is beyond the stack limit */
100  Status = NtQueryVirtualMemory(
101  NtCurrentProcess(),
102  NtCurrentTeb()->NtTib.StackLimit,
103  MemoryBasicInformation,
104  &MemoryBasicInfo,
105  sizeof(MemoryBasicInfo),
106  NULL);
107  ok_ntstatus(Status, STATUS_SUCCESS);
108 
109  ok_ptr(MemoryBasicInfo.BaseAddress, NtCurrentTeb()->NtTib.StackLimit);
110  ok_ptr(MemoryBasicInfo.AllocationBase, StackAllocationBase);
111  ok_long(MemoryBasicInfo.AllocationProtect, PAGE_READWRITE);
112  ok_long(MemoryBasicInfo.RegionSize, 2 * PAGE_SIZE);
113  ok_long(MemoryBasicInfo.State, MEM_COMMIT);
114  ok_long(MemoryBasicInfo.Protect, PAGE_READWRITE);
115  ok_long(MemoryBasicInfo.Type, MEM_PRIVATE);
116 
117  /* Accessing below stack limit is OK, as long as we don't starve the reserved space. */
118  _SEH2_TRY
119  {
120  volatile CHAR* Pointer = (PVOID)((ULONG_PTR)NtCurrentTeb()->NtTib.StackLimit - PAGE_SIZE / 2);
121  CHAR Value = *Pointer;
122  (void)Value;
123  Status = STATUS_SUCCESS;
124  }
125  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
126  {
127  Status = _SEH2_GetExceptionCode();
128  }
129  _SEH2_END;
130  ok_ntstatus(Status, STATUS_SUCCESS);
131 
132  _SEH2_TRY
133  {
134  infinite_recursive();
135  }
136  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
137  {
138  trace("Exception after %d iteration.\n", iteration);
139  Status = _SEH2_GetExceptionCode();
140  }
141  _SEH2_END;
142 
143  ok_ntstatus(Status, STATUS_STACK_OVERFLOW);
144 
145  /* Windows lets 2 pages between the reserved memory and the smallest possible stack address */
146  ok((ULONG_PTR)LastStackAllocation > (ULONG_PTR)StackAllocationBase, "\n");
147  ok_long(PAGE_ROUND_DOWN(LastStackAllocation), (ULONG_PTR)StackAllocationBase + 2 * PAGE_SIZE);
148 
149  /* And in fact, this is the true condition of the stack overflow */
150  ok_ptr(NtCurrentTeb()->NtTib.StackLimit, (PVOID)((ULONG_PTR)StackAllocationBase + PAGE_SIZE));
151 
152  trace("Stack limit %p, stack base %p.\n", NtCurrentTeb()->NtTib.StackLimit, NtCurrentTeb()->NtTib.StackBase);
153 
154  /* Of course, accessing above the stack limit is OK. */
155  _SEH2_TRY
156  {
157  volatile CHAR* Pointer = (PVOID)((ULONG_PTR)NtCurrentTeb()->NtTib.StackLimit + PAGE_SIZE / 2);
158  CHAR Value = *Pointer;
159  (void)Value;
160  Status = STATUS_SUCCESS;
161  }
162  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
163  {
164  Status = _SEH2_GetExceptionCode();
165  }
166  _SEH2_END;
167  ok_ntstatus(Status, STATUS_SUCCESS);
168 
169  /* But once stack is starved, it's starved. */
170  _SEH2_TRY
171  {
172  volatile CHAR* Pointer = (PVOID)((ULONG_PTR)NtCurrentTeb()->NtTib.StackLimit - PAGE_SIZE / 2);
173  CHAR Value = *Pointer;
174  (void)Value;
175  Status = STATUS_SUCCESS;
176  }
177  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
178  {
179  trace("Exception after %d iteration.\n", iteration);
180  Status = _SEH2_GetExceptionCode();
181  }
182  _SEH2_END;
183  ok_ntstatus(Status, STATUS_ACCESS_VIOLATION);
184 }
void
struct png_info_def **typedef void(__cdecl typeof(png_destroy_read_struct))(struct png_struct_def **
Definition: typeof.h:49
_MEMORY_BASIC_INFORMATION::AllocationProtect
ULONG AllocationProtect
Definition: mmtypes.h:957
_MEMORY_BASIC_INFORMATION
Definition: mmtypes.h:953
CHAR
char CHAR
Definition: xmlstorage.h:175
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
iteration
static int iteration
Definition: StackOverflow.c:14
StackSize
static ULONG StackSize
Definition: StackOverflow.c:17
PAGE_ROUND_DOWN
#define PAGE_ROUND_DOWN(x)
Definition: mmtypes.h:36
NtQueryVirtualMemory
NTSTATUS NTAPI NtQueryVirtualMemory(IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN MEMORY_INFORMATION_CLASS MemoryInformationClass, OUT PVOID MemoryInformation, IN SIZE_T MemoryInformationLength, OUT PSIZE_T ReturnLength)
Definition: virtual.c:4284
ok_ptr
#define ok_ptr(expression, result)
Definition: atltest.h:108
ok_long
#define ok_long(expression, result)
Definition: atltest.h:133
MEM_COMMIT
#define MEM_COMMIT
Definition: nt_native.h:1313
Value
IN UCHAR Value
Definition: halp.h:394
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
StackAllocationBase
static PVOID StackAllocationBase
Definition: StackOverflow.c:15
_MEMORY_BASIC_INFORMATION::State
ULONG State
Definition: mmtypes.h:959
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
NULL
smooth NULL
Definition: ftsmooth.c:416
PVOID
void * PVOID
Definition: retypes.h:9
NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657
_MEMORY_BASIC_INFORMATION::Type
ULONG Type
Definition: mmtypes.h:961
trace
#define trace
Definition: atltest.h:70
MEM_PRIVATE
#define MEM_PRIVATE
Definition: nt_native.h:1318
_MEMORY_BASIC_INFORMATION::BaseAddress
PVOID BaseAddress
Definition: mmtypes.h:955
infinite_recursive
static void infinite_recursive(void)
Definition: StackOverflow.c:21
LastStackAllocation
static PVOID LastStackAllocation
Definition: StackOverflow.c:16
_MEMORY_BASIC_INFORMATION::AllocationBase
PVOID AllocationBase
Definition: mmtypes.h:956
Status
Status
Definition: gdiplustypes.h:24
PAGE_SIZE
#define PAGE_SIZE
Definition: env_spec_w32.h:49
_SEH2_END
_SEH2_END
Definition: create.c:4400
NtCurrentTeb
FORCEINLINE struct _TEB * NtCurrentTeb(VOID)
Definition: psfuncs.h:420
STATUS_ACCESS_VIOLATION
#define STATUS_ACCESS_VIOLATION
Definition: ntstatus.h:242
ok
#define ok(value,...)
Definition: atltest.h:57
STATUS_STACK_OVERFLOW
#define STATUS_STACK_OVERFLOW
Definition: ntstatus.h:489
ok_ntstatus
#define ok_ntstatus(status, expected)
Definition: atltest.h:135
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
_MEMORY_BASIC_INFORMATION::Protect
ULONG Protect
Definition: mmtypes.h:960
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
_MEMORY_BASIC_INFORMATION::RegionSize
SIZE_T RegionSize
Definition: mmtypes.h:958
STATUS_SUCCESS
return STATUS_SUCCESS
Definition: btrfs.c:3014
PAGE_READWRITE
#define PAGE_READWRITE
Definition: nt_native.h:1304

Variable Documentation

◆ iteration

int iteration = 0
static

Definition at line 14 of file StackOverflow.c.

Referenced by ClasspGetHwFirmwareInfo(), infinite_recursive(), shader_arb_handle_instruction(), and START_TEST().

◆ LastStackAllocation

PVOID LastStackAllocation
static

Definition at line 16 of file StackOverflow.c.

Referenced by infinite_recursive(), and START_TEST().

◆ StackAllocationBase

PVOID StackAllocationBase
static

Definition at line 15 of file StackOverflow.c.

Referenced by infinite_recursive(), and START_TEST().

◆ StackSize

ULONG StackSize
static

Definition at line 17 of file StackOverflow.c.

Referenced by infinite_recursive(), and START_TEST().