[ros-diffs] [weiden] 24520: Fix buffer overflow in KiGetCpuVendor, thanks to Michael Fritscher for reporting this bug.

weiden at svn.reactos.org weiden at svn.reactos.org
Sun Oct 15 14:41:49 CEST 2006


Author: weiden
Date: Sun Oct 15 16:41:48 2006
New Revision: 24520

URL: http://svn.reactos.org/svn/reactos?rev=24520&view=rev
Log:
Fix buffer overflow in KiGetCpuVendor, thanks to Michael Fritscher for reporting this bug.

Modified:
    trunk/reactos/ntoskrnl/ke/i386/cpu.c

Modified: trunk/reactos/ntoskrnl/ke/i386/cpu.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ke/i386/cpu.c?rev=24520&r1=24519&r2=24520&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/ke/i386/cpu.c (original)
+++ trunk/reactos/ntoskrnl/ke/i386/cpu.c Sun Oct 15 16:41:48 2006
@@ -183,6 +183,7 @@
 {
     PKPRCB Prcb = KeGetCurrentPrcb();
     ULONG Vendor[5];
+    ULONG Temp;
 
     /* Assume no Vendor ID and fail if no CPUID Support. */
     Prcb->VendorString[0] = 0;
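Review bot: The declaration `ULONG Vendor[5];` at the top of this hunk has no comment describing its layout, and the lines removed in the next hunk show the cost: `Vendor[5]` was used as scratch storage although the valid indices are 0 through 4. A short comment stating which elements hold the vendor text and that `Vendor[4]` is the zero terminator would make a repeat less likely. The new `Temp` is assigned before it is read, so it needs no initializer.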
@@ -193,13 +194,13 @@
     Vendor[4] = 0;
 
     /* Re-arrange vendor string */
-    Vendor[5] = Vendor[2];
+    Temp = Vendor[2];
     Vendor[2] = Vendor[3];
-    Vendor[3] = Vendor[5];
+    Vendor[3] = Temp;
 
     /* Copy it to the PRCB and null-terminate it again */
     RtlCopyMemory(Prcb->VendorString,
-                  &Vendor[1],
+                  &Vendor[0],
                   sizeof(Prcb->VendorString) - sizeof(CHAR));
     Prcb->VendorString[sizeof(Prcb->VendorString) - sizeof(CHAR)] = ANSI_NULL;
 
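Review bot: The `RtlCopyMemory` length at the end of this hunk is still derived only from the destination, `sizeof(Prcb->VendorString) - sizeof(CHAR)`, and nothing visible ties it to the 20-byte `Vendor` array, so the read starting at `&Vendor[0]` stays in bounds only while that length is at most `sizeof(Vendor)`. A compile-time assertion relating the two sizes, or copying the smaller of the two, would make the bound explicit. Separately, the switch from `&Vendor[1]` to `&Vendor[0]` changes which bytes land in `VendorString` and is independent of replacing the out-of-bounds `Vendor[5]` scratch slot with `Temp`. The call that fills `Vendor` is outside the hunk, so please confirm that the vendor text really starts at element 0.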



