ReactOS 0.4.16-dev-2491-g3dc6630
StackOverflow.c
Go to the documentation of this file.
1/*
2 * PROJECT: ReactOS api tests
3 * LICENSE: GPL - See COPYING in the top level directory
4 * PURPOSE: Test for stack overflow
5 * PROGRAMMER: Jérôme Gardou
6 */
7
8#include "precomp.h"
9
10#include <pseh/pseh2.h>
11
12#ifdef _MSC_VER
13#pragma warning(disable : 4717) // disable warning about recursive function
14#elif defined(__GNUC__) && (__GNUC__ >= 12)
15#pragma GCC diagnostic ignored "-Winfinite-recursion"
16#endif
17
18static int iteration = 0;
19static PVOID StackAllocationBase;
20static PVOID LastStackAllocation;
21static ULONG StackSize;
22
23static
24void
25infinite_recursive(void)
26{
27 MEMORY_BASIC_INFORMATION MemoryBasicInfo;
28 NTSTATUS Status;
29 char Buffer[0x500];
30
31 sprintf(Buffer, "Iteration %d.\n", iteration++);
32
33 Status = NtQueryVirtualMemory(
34 NtCurrentProcess(),
35 &Buffer[0],
36 MemoryBasicInformation,
37 &MemoryBasicInfo,
38 sizeof(MemoryBasicInfo),
39 NULL);
40 ok_ntstatus(Status, STATUS_SUCCESS);
41 /* This never changes */
42 ok_ptr(MemoryBasicInfo.AllocationBase, StackAllocationBase);
43 /* Stack is committed one page at a time */
44 ok_ptr(MemoryBasicInfo.BaseAddress, (PVOID)PAGE_ROUND_DOWN(&Buffer[0]));
45 /* This is the protection of the memory when it was reserved. */
46 ok_long(MemoryBasicInfo.AllocationProtect, PAGE_READWRITE);
47 /* Windows commits the whole used stack at once, +2 pages. */
48#if 0
49 ok_long(MemoryBasicInfo.RegionSize, ((ULONG_PTR)StackAllocationBase + StackSize + 2* PAGE_SIZE) - PAGE_ROUND_DOWN(&Buffer[0]));
50#endif
51 /* This is the state of the queried address */
52 ok_long(MemoryBasicInfo.State, MEM_COMMIT);
53 /* This is the protection of the queried address */
54 ok_long(MemoryBasicInfo.Protect, PAGE_READWRITE);
55 /* Of course this is private memory. */
56 ok_long(MemoryBasicInfo.Type, MEM_PRIVATE);
57
58 LastStackAllocation = &Buffer[-0x500];
59
60 infinite_recursive();
61}
62
63START_TEST(StackOverflow)
64{
65 NTSTATUS Status;
66 MEMORY_BASIC_INFORMATION MemoryBasicInfo;
67
68 /* Get the base of the stack */
69 Status = NtQueryVirtualMemory(
70 NtCurrentProcess(),
71 &Status,
72 MemoryBasicInformation,
73 &MemoryBasicInfo,
74 sizeof(MemoryBasicInfo),
75 NULL);
76 ok_ntstatus(Status, STATUS_SUCCESS);
77 StackAllocationBase = MemoryBasicInfo.AllocationBase;
78 trace("Stack allocation base is %p.\n", StackAllocationBase);
79 StackSize = MemoryBasicInfo.RegionSize;
80
81 /* Check TEB attributes */
82 ok_ptr(NtCurrentTeb()->DeallocationStack, StackAllocationBase);
83 ok_ptr(NtCurrentTeb()->NtTib.StackBase, (PVOID)((ULONG_PTR)MemoryBasicInfo.BaseAddress + MemoryBasicInfo.RegionSize));
84#ifdef _WIN64
85 ok_ptr(NtCurrentTeb()->NtTib.StackLimit, (PVOID)((ULONG_PTR)MemoryBasicInfo.BaseAddress - 2 * PAGE_SIZE));
86#else
87 ok_ptr(NtCurrentTeb()->NtTib.StackLimit, (PVOID)((ULONG_PTR)MemoryBasicInfo.BaseAddress - PAGE_SIZE));
88#endif
89 trace("Guaranteed stack size is %lu.\n", NtCurrentTeb()->GuaranteedStackBytes);
90
91 /* Get its size */
92 Status = NtQueryVirtualMemory(
93 NtCurrentProcess(),
94 StackAllocationBase,
95 MemoryBasicInformation,
96 &MemoryBasicInfo,
97 sizeof(MemoryBasicInfo),
98 NULL);
99 ok_ntstatus(Status, STATUS_SUCCESS);
100
101 /* This is the complete stack size */
102 StackSize += MemoryBasicInfo.RegionSize;
103 trace("Stack size is 0x%lx.\n", StackSize);
104
105 trace("Stack limit %p, stack base %p.\n", NtCurrentTeb()->NtTib.StackLimit, NtCurrentTeb()->NtTib.StackBase);
106
107 /* Take a look at what is beyond the stack limit */
108 Status = NtQueryVirtualMemory(
109 NtCurrentProcess(),
110 NtCurrentTeb()->NtTib.StackLimit,
111 MemoryBasicInformation,
112 &MemoryBasicInfo,
113 sizeof(MemoryBasicInfo),
114 NULL);
115 ok_ntstatus(Status, STATUS_SUCCESS);
116
117 ok_ptr(MemoryBasicInfo.BaseAddress, NtCurrentTeb()->NtTib.StackLimit);
118 ok_ptr(MemoryBasicInfo.AllocationBase, StackAllocationBase);
119 ok_long(MemoryBasicInfo.AllocationProtect, PAGE_READWRITE);
120#ifdef _WIN64
121 ok_long(MemoryBasicInfo.RegionSize, 3 * PAGE_SIZE);
122#else
123 ok_long(MemoryBasicInfo.RegionSize, 2 * PAGE_SIZE);
124#endif
125 ok_long(MemoryBasicInfo.State, MEM_COMMIT);
126 ok_long(MemoryBasicInfo.Protect, PAGE_READWRITE);
127 ok_long(MemoryBasicInfo.Type, MEM_PRIVATE);
128
129 /* Accessing below stack limit is OK, as long as we don't starve the reserved space. */
130 _SEH2_TRY
131 {
132 volatile CHAR* Pointer = (PVOID)((ULONG_PTR)NtCurrentTeb()->NtTib.StackLimit - PAGE_SIZE / 2);
133 CHAR Value = *Pointer;
134 (void)Value;
135 Status = STATUS_SUCCESS;
136 }
137 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
138 {
139 Status = _SEH2_GetExceptionCode();
140 }
141 _SEH2_END;
142 ok_ntstatus(Status, STATUS_SUCCESS);
143
144 _SEH2_TRY
145 {
146 infinite_recursive();
147 }
148 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
149 {
150 trace("Exception after %d iteration.\n", iteration);
151 Status = _SEH2_GetExceptionCode();
152 }
153 _SEH2_END;
154
155 ok_ntstatus(Status, STATUS_STACK_OVERFLOW);
156
157 /* Windows lets 2 pages between the reserved memory and the smallest possible stack address */
158 ok((ULONG_PTR)LastStackAllocation > (ULONG_PTR)StackAllocationBase, "\n");
159#ifdef _WIN64
160 ok_long(PAGE_ROUND_DOWN(LastStackAllocation), (ULONG_PTR)StackAllocationBase + 4 * PAGE_SIZE);
161#else
162 ok_long(PAGE_ROUND_DOWN(LastStackAllocation), (ULONG_PTR)StackAllocationBase + 3 * PAGE_SIZE);
163#endif
164
165 /* And in fact, this is the true condition of the stack overflow */
166 ok_ptr(NtCurrentTeb()->NtTib.StackLimit, (PVOID)((ULONG_PTR)StackAllocationBase + PAGE_SIZE));
167
168 trace("Stack limit %p, stack base %p.\n", NtCurrentTeb()->NtTib.StackLimit, NtCurrentTeb()->NtTib.StackBase);
169
170 /* Of course, accessing above the stack limit is OK. */
171 _SEH2_TRY
172 {
173 volatile CHAR* Pointer = (PVOID)((ULONG_PTR)NtCurrentTeb()->NtTib.StackLimit + PAGE_SIZE / 2);
174 CHAR Value = *Pointer;
175 (void)Value;
176 Status = STATUS_SUCCESS;
177 }
178 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
179 {
180 Status = _SEH2_GetExceptionCode();
181 }
182 _SEH2_END;
183 ok_ntstatus(Status, STATUS_SUCCESS);
184
185 /* But once stack is starved, it's starved. */
186 _SEH2_TRY
187 {
188 volatile CHAR* Pointer = (PVOID)((ULONG_PTR)NtCurrentTeb()->NtTib.StackLimit - PAGE_SIZE / 2);
189 CHAR Value = *Pointer;
190 (void)Value;
191 Status = STATUS_SUCCESS;
192 }
193 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
194 {
195 trace("Exception after %d iteration.\n", iteration);
196 Status = _SEH2_GetExceptionCode();
197 }
198 _SEH2_END;
199 ok_ntstatus(Status, STATUS_ACCESS_VIOLATION);
200}
StackAllocationBase
static PVOID StackAllocationBase
Definition: StackOverflow.c:19
StackSize
static ULONG StackSize
Definition: StackOverflow.c:21
LastStackAllocation
static PVOID LastStackAllocation
Definition: StackOverflow.c:20
iteration
static int iteration
Definition: StackOverflow.c:18
infinite_recursive
static void infinite_recursive(void)
Definition: StackOverflow.c:25
ok_ntstatus
#define ok_ntstatus(status, expected)
Definition: atltest.h:135
ok_long
#define ok_long(expression, result)
Definition: atltest.h:133
trace
#define trace
Definition: atltest.h:70
ok
#define ok(value,...)
Definition: atltest.h:57
START_TEST
#define START_TEST(x)
Definition: atltest.h:75
ok_ptr
#define ok_ptr(expression, result)
Definition: atltest.h:108
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Buffer
Definition: bufpool.h:45
NULL
#define NULL
Definition: types.h:112
PAGE_SIZE
#define PAGE_SIZE
Definition: env_spec_w32.h:49
STATUS_ACCESS_VIOLATION
#define STATUS_ACCESS_VIOLATION
Definition: fpEnumPrinters.c:23
Status
Status
Definition: gdiplustypes.h:25
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:90
NtCurrentTeb
#define NtCurrentTeb
Definition: iphlpapi_private.h:4
sprintf
#define sprintf
Definition: sprintf.c:45
MemoryBasicInformation
@ MemoryBasicInformation
Definition: mmtypes.h:183
PAGE_ROUND_DOWN
#define PAGE_ROUND_DOWN(x)
Definition: mmtypes.h:36
PAGE_READWRITE
#define PAGE_READWRITE
Definition: nt_native.h:1307
MEM_PRIVATE
#define MEM_PRIVATE
Definition: nt_native.h:1321
NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1660
MEM_COMMIT
#define MEM_COMMIT
Definition: nt_native.h:1316
NtQueryVirtualMemory
NTSTATUS NTAPI NtQueryVirtualMemory(IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN MEMORY_INFORMATION_CLASS MemoryInformationClass, OUT PVOID MemoryInformation, IN SIZE_T MemoryInformationLength, OUT PSIZE_T ReturnLength)
Definition: virtual.c:4374
STATUS_STACK_OVERFLOW
#define STATUS_STACK_OVERFLOW
Definition: ntstatus.h:583
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:204
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:104
_SEH2_END
#define _SEH2_END
Definition: pseh2_64.h:194
_SEH2_TRY
#define _SEH2_TRY
Definition: pseh2_64.h:93
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_MEMORY_BASIC_INFORMATION
Definition: mmtypes.h:971
_MEMORY_BASIC_INFORMATION::RegionSize
SIZE_T RegionSize
Definition: mmtypes.h:975
_MEMORY_BASIC_INFORMATION::AllocationBase
PVOID AllocationBase
Definition: mmtypes.h:973
_MEMORY_BASIC_INFORMATION::AllocationProtect
ULONG AllocationProtect
Definition: mmtypes.h:974
_MEMORY_BASIC_INFORMATION::State
ULONG State
Definition: mmtypes.h:976
_MEMORY_BASIC_INFORMATION::Type
ULONG Type
Definition: mmtypes.h:978
_MEMORY_BASIC_INFORMATION::BaseAddress
PVOID BaseAddress
Definition: mmtypes.h:972
_MEMORY_BASIC_INFORMATION::Protect
ULONG Protect
Definition: mmtypes.h:977
PVOID
void * PVOID
Definition: typedefs.h:50
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
ULONG
uint32_t ULONG
Definition: typedefs.h:59
Value
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _Out_opt_ PUSHORT _Inout_opt_ PUNICODE_STRING Value
Definition: wdfregistry.h:413
CHAR
char CHAR
Definition: xmlstorage.h:175