Author: tkreuzer
Date: Thu Apr 19 14:33:53 2012
New Revision: 56366
URL:
http://svn.reactos.org/svn/reactos?rev=56366&view=rev
Log:
[NTOSKRNL]
Fix a bug in MiAllocatePoolPages that made the function succeed when MAX_ULONG / -1 /
0xFFFFFFFF bytes were requested. The value overflowed into 0 and 0 pages were returned.
When freeing this block, it could either free the next following large allocation or
ASSERT when the end of the pool was reached without finding the end of the allocation.
Fixes FoxitReader 4.2/4.3
Modified:
trunk/reactos/ntoskrnl/mm/ARM3/pool.c
Modified: trunk/reactos/ntoskrnl/mm/ARM3/pool.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/pool.c?re…
==============================================================================
--- trunk/reactos/ntoskrnl/mm/ARM3/pool.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/ARM3/pool.c [iso-8859-1] Thu Apr 19 14:33:53 2012
@@ -438,6 +438,17 @@
SizeInPages = (PFN_COUNT)BYTES_TO_PAGES(SizeInBytes);
//
+ // Check for overflow
+ //
+ if (SizeInPages == 0)
+ {
+ //
+ // Fail
+ //
+ return NULL;
+ }
+
+ //
// Handle paged pool
//
if ((PoolType & BASE_POOL_TYPE_MASK) == PagedPool)
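
Review bot: the new `if (SizeInPages == 0)` test runs on the result of `(PFN_COUNT)BYTES_TO_PAGES(SizeInBytes)`, so it only catches a wrap that lands on exactly zero, and it does not tell a wrapped size apart from a request that was zero bytes to begin with. The "Check for overflow" comment should say that zero-byte requests are rejected by the same branch. If `SizeInBytes` can be wider than `PFN_COUNT`, the cast on the line above can also truncate a large page count to a small nonzero one that this test lets through. That would bring back the undersized allocation described in the log message, so consider validating `SizeInBytes` against an upper bound before the conversion rather than inspecting the converted value. Since the function now returns NULL where it previously returned a block, it is also worth confirming that callers handle a NULL return for this size.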