[ros-diffs] [fireball] 38324: - Don't calculate remaining bits if there are none. Fixes out-of-bounds read of a buffer. - Patch sent to Wine: http://www.winehq.org/pipermail/wine-patches/2008-December/066692.html

Author: fireball Date: Wed Dec 24 04:12:01 2008 New Revision: 38324 URL: http://svn.reactos.org/svn/reactos?rev=38324&view=rev Log: - Don't calculate remaining bits if there are none. Fixes out-of-bounds read of a buffer. - Patch sent to Wine: http://www.winehq.org/pipermail/wine-patches/2008-December/066692.html Modified: trunk/reactos/lib/rtl/bitmap.c Modified: trunk/reactos/lib/rtl/bitmap.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/rtl/bitmap.c?rev=38324… ============================================================================== --- trunk/reactos/lib/rtl/bitmap.c [iso-8859-1] (original) +++ trunk/reactos/lib/rtl/bitmap.c [iso-8859-1] Wed Dec 24 04:12:01 2008 @@ -764,9 +764,12 @@ lpOut++; } - bMasked = *lpOut & NTDLL_maskBits[ulRemainder]; - ulSet += NTDLL_nibbleBitCount[bMasked >> 4]; - ulSet += NTDLL_nibbleBitCount[bMasked & 0xf]; + if (ulRemainder) + { + bMasked = *lpOut & NTDLL_maskBits[ulRemainder]; + ulSet += NTDLL_nibbleBitCount[bMasked >> 4]; + ulSet += NTDLL_nibbleBitCount[bMasked & 0xf]; + } } return ulSet; }