[ros-diffs] [tkreuzer] 45134: [NTOS] Fix buffer overrun in ExFreePoolWithTag when dealing with a PoolType other than NonPagedPool and PagedPool. Spotted by Amine Khaldi.
tkreuzer at svn.reactos.org
tkreuzer at svn.reactos.org
Mon Jan 18 17:43:58 CET 2010
Author: tkreuzer
Date: Mon Jan 18 17:43:58 2010
New Revision: 45134
URL: http://svn.reactos.org/svn/reactos?rev=45134&view=rev
Log:
[NTOS]
Fix buffer overrun in ExFreePoolWithTag when dealing with a PoolType other than NonPagedPool and PagedPool. Spotted by Amine Khaldi.
Modified:
trunk/reactos/ntoskrnl/mm/ARM3/expool.c
Modified: trunk/reactos/ntoskrnl/mm/ARM3/expool.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/expool.c?rev=45134&r1=45133&r2=45134&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/mm/ARM3/expool.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/ARM3/expool.c [iso-8859-1] Mon Jan 18 17:43:58 2010
@@ -520,7 +520,7 @@
// for this pool type
//
BlockSize = Entry->BlockSize;
- PoolType = (Entry->PoolType & 3) - 1;
+ PoolType = (Entry->PoolType - 1) & BASE_POOL_TYPE_MASK;
PoolDesc = PoolVector[PoolType];
//
More information about the Ros-diffs
mailing list