ReactOS  0.4.15-dev-3181-g4acf100
StackOverflow.c
Go to the documentation of this file.
1 /*
2  * PROJECT: ReactOS api tests
3  * LICENSE: GPL - See COPYING in the top level directory
4  * PURPOSE: Test for stack overflow
5  * PROGRAMMER: Jérôme Gardou
6  */
7 
8 #include "precomp.h"
9 
10 #include <pseh/pseh2.h>
11 
12 #ifdef _MSC_VER
13 #pragma warning(disable : 4717) // disable warning about recursive function
14 #endif
15 
16 static int iteration = 0;
20 
21 static
22 void
24 {
25  MEMORY_BASIC_INFORMATION MemoryBasicInfo;
27  char Buffer[0x500];
28 
29  sprintf(Buffer, "Iteration %d.\n", iteration++);
30 
33  &Buffer[0],
35  &MemoryBasicInfo,
36  sizeof(MemoryBasicInfo),
37  NULL);
39  /* This never changes */
40  ok_ptr(MemoryBasicInfo.AllocationBase, StackAllocationBase);
41  /* Stack is committed one page at a time */
42  ok_ptr(MemoryBasicInfo.BaseAddress, (PVOID)PAGE_ROUND_DOWN(&Buffer[0]));
43  /* This is the protection of the memory when it was reserved. */
44  ok_long(MemoryBasicInfo.AllocationProtect, PAGE_READWRITE);
45  /* Windows commits the whole used stack at once, +2 pages. */
46 #if 0
48 #endif
49  /* This is the state of the queried address */
50  ok_long(MemoryBasicInfo.State, MEM_COMMIT);
51  /* This is the protection of the queried address */
52  ok_long(MemoryBasicInfo.Protect, PAGE_READWRITE);
53  /* Of course this is private memory. */
54  ok_long(MemoryBasicInfo.Type, MEM_PRIVATE);
55 
56  LastStackAllocation = &Buffer[-0x500];
57 
59 }
60 
61 START_TEST(StackOverflow)
62 {
64  MEMORY_BASIC_INFORMATION MemoryBasicInfo;
65 
66  /* Get the base of the stack */
69  &Status,
71  &MemoryBasicInfo,
72  sizeof(MemoryBasicInfo),
73  NULL);
75  StackAllocationBase = MemoryBasicInfo.AllocationBase;
76  trace("Stack allocation base is %p.\n", StackAllocationBase);
77  StackSize = MemoryBasicInfo.RegionSize;
78 
79  /* Check TEB attributes */
80  ok_ptr(NtCurrentTeb()->DeallocationStack, StackAllocationBase);
81  ok_ptr(NtCurrentTeb()->NtTib.StackBase, (PVOID)((ULONG_PTR)MemoryBasicInfo.BaseAddress + MemoryBasicInfo.RegionSize));
82  ok_ptr(NtCurrentTeb()->NtTib.StackLimit, (PVOID)((ULONG_PTR)MemoryBasicInfo.BaseAddress - PAGE_SIZE));
83  trace("Guaranteed stack size is %lu.\n", NtCurrentTeb()->GuaranteedStackBytes);
84 
85  /* Get its size */
90  &MemoryBasicInfo,
91  sizeof(MemoryBasicInfo),
92  NULL);
94 
95  /* This is the complete stack size */
96  StackSize += MemoryBasicInfo.RegionSize;
97  trace("Stack size is 0x%lx.\n", StackSize);
98 
99  trace("Stack limit %p, stack base %p.\n", NtCurrentTeb()->NtTib.StackLimit, NtCurrentTeb()->NtTib.StackBase);
100 
101  /* Take a look at what is beyond the stack limit */
104  NtCurrentTeb()->NtTib.StackLimit,
106  &MemoryBasicInfo,
107  sizeof(MemoryBasicInfo),
108  NULL);
110 
111  ok_ptr(MemoryBasicInfo.BaseAddress, NtCurrentTeb()->NtTib.StackLimit);
112  ok_ptr(MemoryBasicInfo.AllocationBase, StackAllocationBase);
113  ok_long(MemoryBasicInfo.AllocationProtect, PAGE_READWRITE);
114  ok_long(MemoryBasicInfo.RegionSize, 2 * PAGE_SIZE);
115  ok_long(MemoryBasicInfo.State, MEM_COMMIT);
116  ok_long(MemoryBasicInfo.Protect, PAGE_READWRITE);
117  ok_long(MemoryBasicInfo.Type, MEM_PRIVATE);
118 
119  /* Accessing below stack limit is OK, as long as we don't starve the reserved space. */
120  _SEH2_TRY
121  {
122  volatile CHAR* Pointer = (PVOID)((ULONG_PTR)NtCurrentTeb()->NtTib.StackLimit - PAGE_SIZE / 2);
123  CHAR Value = *Pointer;
124  (void)Value;
126  }
128  {
130  }
131  _SEH2_END;
133 
134  _SEH2_TRY
135  {
137  }
139  {
140  trace("Exception after %d iteration.\n", iteration);
142  }
143  _SEH2_END;
144 
146 
147  /* Windows lets 2 pages between the reserved memory and the smallest possible stack address */
150 
151  /* And in fact, this is the true condition of the stack overflow */
152  ok_ptr(NtCurrentTeb()->NtTib.StackLimit, (PVOID)((ULONG_PTR)StackAllocationBase + PAGE_SIZE));
153 
154  trace("Stack limit %p, stack base %p.\n", NtCurrentTeb()->NtTib.StackLimit, NtCurrentTeb()->NtTib.StackBase);
155 
156  /* Of course, accessing above the stack limit is OK. */
157  _SEH2_TRY
158  {
159  volatile CHAR* Pointer = (PVOID)((ULONG_PTR)NtCurrentTeb()->NtTib.StackLimit + PAGE_SIZE / 2);
160  CHAR Value = *Pointer;
161  (void)Value;
163  }
165  {
167  }
168  _SEH2_END;
170 
171  /* But once stack is starved, it's starved. */
172  _SEH2_TRY
173  {
174  volatile CHAR* Pointer = (PVOID)((ULONG_PTR)NtCurrentTeb()->NtTib.StackLimit - PAGE_SIZE / 2);
175  CHAR Value = *Pointer;
176  (void)Value;
178  }
180  {
181  trace("Exception after %d iteration.\n", iteration);
183  }
184  _SEH2_END;
186 }
struct png_info_def **typedef void(__cdecl typeof(png_destroy_read_struct))(struct png_struct_def **
Definition: typeof.h:49
char CHAR
Definition: xmlstorage.h:175
LONG NTSTATUS
Definition: precomp.h:26
static int iteration
Definition: StackOverflow.c:16
static ULONG StackSize
Definition: StackOverflow.c:19
#define PAGE_ROUND_DOWN(x)
Definition: mmtypes.h:36
NTSTATUS NTAPI NtQueryVirtualMemory(IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN MEMORY_INFORMATION_CLASS MemoryInformationClass, OUT PVOID MemoryInformation, IN SIZE_T MemoryInformationLength, OUT PSIZE_T ReturnLength)
Definition: virtual.c:4398
#define ok_ptr(expression, result)
Definition: atltest.h:108
#define ok_long(expression, result)
Definition: atltest.h:133
#define MEM_COMMIT
Definition: nt_native.h:1313
_SEH2_TRY
Definition: create.c:4226
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define sprintf(buf, format,...)
Definition: sprintf.c:55
static PVOID StackAllocationBase
Definition: StackOverflow.c:17
START_TEST(StackOverflow)
Definition: StackOverflow.c:61
Definition: bufpool.h:45
void * PVOID
Definition: retypes.h:9
#define NtCurrentProcess()
Definition: nt_native.h:1657
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _Out_opt_ PUSHORT _Inout_opt_ PUNICODE_STRING Value
Definition: wdfregistry.h:406
Status
Definition: gdiplustypes.h:24
#define trace
Definition: atltest.h:70
#define MEM_PRIVATE
Definition: nt_native.h:1318
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
static void infinite_recursive(void)
Definition: StackOverflow.c:23
static PVOID LastStackAllocation
Definition: StackOverflow.c:18
#define PAGE_SIZE
Definition: env_spec_w32.h:49
_SEH2_END
Definition: create.c:4400
FORCEINLINE struct _TEB * NtCurrentTeb(VOID)
Definition: psfuncs.h:420
#define STATUS_ACCESS_VIOLATION
Definition: ntstatus.h:242
#define ok(value,...)
Definition: atltest.h:57
#define NULL
Definition: types.h:112
#define STATUS_STACK_OVERFLOW
Definition: ntstatus.h:489
#define ok_ntstatus(status, expected)
Definition: atltest.h:135
unsigned int ULONG
Definition: retypes.h:1
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define PAGE_READWRITE
Definition: nt_native.h:1304