[ros-diffs] [fireball] 38324: - Don't calculate remaining bits if there are none. Fixes out-of-bounds read of a buffer. - Patch sent to Wine: http://www.winehq.org/pipermail/wine-patches/2008-December/066692.html
fireball at svn.reactos.org
fireball at svn.reactos.org
Wed Dec 24 11:12:02 CET 2008
Author: fireball
Date: Wed Dec 24 04:12:01 2008
New Revision: 38324
URL: http://svn.reactos.org/svn/reactos?rev=38324&view=rev
Log:
- Don't calculate remaining bits if there are none. Fixes out-of-bounds read of a buffer.
- Patch sent to Wine: http://www.winehq.org/pipermail/wine-patches/2008-December/066692.html
Modified:
trunk/reactos/lib/rtl/bitmap.c
Modified: trunk/reactos/lib/rtl/bitmap.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/rtl/bitmap.c?rev=38324&r1=38323&r2=38324&view=diff
==============================================================================
--- trunk/reactos/lib/rtl/bitmap.c [iso-8859-1] (original)
+++ trunk/reactos/lib/rtl/bitmap.c [iso-8859-1] Wed Dec 24 04:12:01 2008
@@ -764,9 +764,12 @@
lpOut++;
}
- bMasked = *lpOut & NTDLL_maskBits[ulRemainder];
- ulSet += NTDLL_nibbleBitCount[bMasked >> 4];
- ulSet += NTDLL_nibbleBitCount[bMasked & 0xf];
+ if (ulRemainder)
+ {
+ bMasked = *lpOut & NTDLL_maskBits[ulRemainder];
+ ulSet += NTDLL_nibbleBitCount[bMasked >> 4];
+ ulSet += NTDLL_nibbleBitCount[bMasked & 0xf];
+ }
}
return ulSet;
}
More information about the Ros-diffs
mailing list