[ros-diffs] [weiden] 24520: Fix buffer overflow in KiGetCpuVendor, thanks to Michael Fritscher for reporting this bug.

15 Oct 2006

Author: weiden
Date: Sun Oct 15 16:41:48 2006
New Revision: 24520
URL: http://svn.reactos.org/svn/reactos?rev=24520&view=rev
Log:
Fix buffer overflow in KiGetCpuVendor, thanks to Michael Fritscher for reporting this bug.
Modified:
    trunk/reactos/ntoskrnl/ke/i386/cpu.c
Modified: trunk/reactos/ntoskrnl/ke/i386/cpu.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ke/i386/cpu.c?rev=...
==============================================================================

--- trunk/reactos/ntoskrnl/ke/i386/cpu.c (original)
+++ trunk/reactos/ntoskrnl/ke/i386/cpu.c Sun Oct 15 16:41:48 2006
@@ -183,6 +183,7 @@
 {
     PKPRCB Prcb = KeGetCurrentPrcb();
     ULONG Vendor[5];
+    ULONG Temp;
/* Assume no Vendor ID and fail if no CPUID Support. */
     Prcb->VendorString[0] = 0;
@@ -193,13 +194,13 @@
     Vendor[4] = 0;
/* Re-arrange vendor string */
-    Vendor[5] = Vendor[2];
+    Temp = Vendor[2];
     Vendor[2] = Vendor[3];
-    Vendor[3] = Vendor[5];
+    Vendor[3] = Temp;
/* Copy it to the PRCB and null-terminate it again */
     RtlCopyMemory(Prcb->VendorString,
-                  &Vendor[1],
+                  &Vendor[0],
                   sizeof(Prcb->VendorString) - sizeof(CHAR));
     Prcb->VendorString[sizeof(Prcb->VendorString) - sizeof(CHAR)] = ANSI_NULL;

    

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

[ros-diffs] [weiden] 24520: Fix buffer overflow in KiGetCpuVendor, thanks to Michael Fritscher for reporting this bug.