From e9b5bec1b1bdcee2c75638b847c7a4b600147a9a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20=C3=81vila=20de=20Esp=C3=ADndola?=
 <respindola@mozilla.org>
Date: Thu, 7 Mar 2013 10:02:33 -0500
Subject: [PATCH] Bug 847468 - Poison NtWriteFileGather. r=BenWa.

--HG--
extra : rebase_source : 23ad1eec802f547504e08aa5dc8e7d90b2bf0708
---
 toolkit/xre/test/win/TestDllInterceptor.cpp |  2 ++
 xpcom/build/mozPoisonWriteWin.cpp           | 19 +++++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/toolkit/xre/test/win/TestDllInterceptor.cpp b/toolkit/xre/test/win/TestDllInterceptor.cpp
index 7cf84581945..409c8bfc0e2 100644
--- a/toolkit/xre/test/win/TestDllInterceptor.cpp
+++ b/toolkit/xre/test/win/TestDllInterceptor.cpp
@@ -117,6 +117,8 @@ int main()
 #endif
       TestHook("user32.dll", "TrackPopupMenu") &&
       TestHook("ntdll.dll", "NtFlushBuffersFile") &&
+      TestHook("ntdll.dll", "NtWriteFile") &&
+      TestHook("ntdll.dll", "NtWriteFileGather") &&
       TestHook("ntdll.dll", "LdrLoadDll")) {
     printf("TEST-PASS | WindowsDllInterceptor | all checks passed\n");
     return 0;
diff --git a/xpcom/build/mozPoisonWriteWin.cpp b/xpcom/build/mozPoisonWriteWin.cpp
index 6a4c154113a..9c9abc69508 100644
--- a/xpcom/build/mozPoisonWriteWin.cpp
+++ b/xpcom/build/mozPoisonWriteWin.cpp
@@ -51,6 +51,24 @@ patched_WriteFile(HANDLE aFile, HANDLE aEvent, PIO_APC_ROUTINE aApc,
                             aBuffer, aLength, aOffset, aKey);
 }
 
+
+typedef NTSTATUS (WINAPI* WriteFileGather_fn)(HANDLE, HANDLE, PIO_APC_ROUTINE,
+                                              void*, PIO_STATUS_BLOCK,
+                                              FILE_SEGMENT_ELEMENT*,
+                                              ULONG, PLARGE_INTEGER, PULONG);
+WriteFileGather_fn gOriginalWriteFileGather;
+
+static NTSTATUS WINAPI
+patched_WriteFileGather(HANDLE aFile, HANDLE aEvent, PIO_APC_ROUTINE aApc,
+                        void* aApcUser, PIO_STATUS_BLOCK aIoStatus,
+                        FILE_SEGMENT_ELEMENT* aSegments, ULONG aLength,
+                        PLARGE_INTEGER aOffset, PULONG aKey)
+{
+  AbortOnBadWrite(aFile);
+  return gOriginalWriteFileGather(aFile, aEvent, aApc, aApcUser, aIoStatus,
+                                  aSegments, aLength, aOffset, aKey);
+}
+
 void AbortOnBadWrite(HANDLE aFile)
 {
   if (!PoisonWriteEnabled())
@@ -77,6 +95,7 @@ void PoisonWrite() {
   sNtDllInterceptor.Init("ntdll.dll");
   sNtDllInterceptor.AddHook("NtFlushBuffersFile", reinterpret_cast<intptr_t>(patched_FlushBuffersFile), reinterpret_cast<void**>(&gOriginalFlushBuffersFile));
   sNtDllInterceptor.AddHook("NtWriteFile", reinterpret_cast<intptr_t>(patched_WriteFile), reinterpret_cast<void**>(&gOriginalWriteFile));
+  sNtDllInterceptor.AddHook("NtWriteFileGather", reinterpret_cast<intptr_t>(patched_WriteFileGather), reinterpret_cast<void**>(&gOriginalWriteFileGather));
 }
 }