https://git.reactos.org/?p=reactos.git;a=commitdiff;h=5d5e9c848646fac0b502e5...
commit 5d5e9c848646fac0b502e59bce19fb4db882bbff Author: Bartosz Brachaczek b.brachaczek@gmail.com AuthorDate: Sun Mar 31 11:27:16 2019 +0200 Commit: Pierre Schweitzer pierre@reactos.org CommitDate: Sun Mar 31 11:44:00 2019 +0200
[NTOSKRNL] Don't overflow backtrack stack buffer
CORE-15902 --- ntoskrnl/fsrtl/dbcsname.c | 2 +- ntoskrnl/fsrtl/name.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/ntoskrnl/fsrtl/dbcsname.c b/ntoskrnl/fsrtl/dbcsname.c index 306c5474b2..d44fde9cc0 100644 --- a/ntoskrnl/fsrtl/dbcsname.c +++ b/ntoskrnl/fsrtl/dbcsname.c @@ -283,7 +283,7 @@ FsRtlIsDbcsInExpression(IN PANSI_STRING Expression, }
/* If buffer too small */ - if (BackTrackingPosition > BackTrackingBufferSize - 2) + if (BackTrackingPosition > BackTrackingBufferSize - 3) { /* We should only ever get here once! */ ASSERT(AllocatedBuffer == NULL); diff --git a/ntoskrnl/fsrtl/name.c b/ntoskrnl/fsrtl/name.c index a6f0c004b7..393815ffef 100644 --- a/ntoskrnl/fsrtl/name.c +++ b/ntoskrnl/fsrtl/name.c @@ -135,7 +135,7 @@ FsRtlIsNameInExpressionPrivate(IN PUNICODE_STRING Expression, }
/* If buffer too small */ - if (BackTrackingPosition > BackTrackingBufferSize - 2) + if (BackTrackingPosition > BackTrackingBufferSize - 3) { /* We should only ever get here once! */ ASSERT(AllocatedBuffer == NULL);