[vbox-dev] bad address causes host DRIVER_IRQL_NOT_LESS_OR_EQUAL BSOD

[Mihai Hanor]

Hello,

I can reproduce a DRIVER_IRQL_NOT_LESS_OR_EQUAL BSOD on my host (Windows 7 64 bit SP1), using a debug build of VirtualBox svn44137, while a guest is booting (Windows 7 64 bit SP1, unpatched, 2 CPUs). It is caused by the code line: VMMR0!pgmPhysAllocLargePage [c:\work_x64\vbox\src\vbox\vmm\vmmall\pgmallphys.cpp @ 749], which is:

LogFlow(("Found page %RGp with wrong attributes (type=%d; state=%d); cancel check. rc=%d\n", GCPhys, PGM_PAGE_GET_TYPE(pSubPage), PGM_PAGE_GET_STATE(pSubPage), rc));

At that code context, rc is set to VERR_PGM_INVALID_GC_PHYSICAL_ADDRESS, pSubPage is set to NULL (set by pgmPhysGetPageExSlow()). No check is done to prevent PGM_PAGE_GET_TYPE from dereferencing the null pointer. I can provide a kernel minidump, if needed.

Thank you,
Mihai