From 06321ba57b17635cf2bd945ce38d2c95367b2156 Mon Sep 17 00:00:00 2001 From: Tim Clem Date: Tue, 8 Nov 2022 13:51:40 -0800 Subject: [PATCH] wow64: Truncate too-large regions from NtQueryVirtualMemory(MemoryRegionInformation). AllocationBase + RegionSize should not exceed the highest WoW user address. --- dlls/wow64/virtual.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dlls/wow64/virtual.c b/dlls/wow64/virtual.c index f9a0e0b6bc8..c41d0a930ca 100644 --- a/dlls/wow64/virtual.c +++ b/dlls/wow64/virtual.c @@ -444,6 +444,8 @@ NTSTATUS WINAPI wow64_NtQueryVirtualMemory( UINT *args ) info32->CommitSize = info.CommitSize; info32->PartitionId = info.PartitionId; info32->NodePreference = info.NodePreference; + if ((ULONG_PTR)info.AllocationBase + info.RegionSize > highest_user_address) + info32->RegionSize = highest_user_address - (ULONG_PTR)info.AllocationBase + 1; } } res_len = sizeof(MEMORY_REGION_INFORMATION32);