Author: cgutman Date: Tue Aug 16 20:48:18 2011 New Revision: 53272
URL: http://svn.reactos.org/svn/reactos?rev=53272&view=rev Log: [ACPI] - Fix massive memory corruption during FDO device relations handling
Modified: trunk/reactos/drivers/bus/acpi/pnp.c
Modified: trunk/reactos/drivers/bus/acpi/pnp.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/bus/acpi/pnp.c?rev=... ============================================================================== --- trunk/reactos/drivers/bus/acpi/pnp.c [iso-8859-1] (original) +++ trunk/reactos/drivers/bus/acpi/pnp.c [iso-8859-1] Tue Aug 16 20:48:18 2011 @@ -193,7 +193,7 @@ //
length = sizeof(DEVICE_RELATIONS) + - ((numPdosPresent + prevcount) * sizeof (PDEVICE_OBJECT)) -1; + (((numPdosPresent + prevcount) - 1) * sizeof (DEVICE_OBJECT));
relations = (PDEVICE_RELATIONS) ExAllocatePoolWithTag (PagedPool, length, 'IPCA'); @@ -214,7 +214,7 @@ // if (prevcount) { RtlCopyMemory (relations->Objects, oldRelations->Objects, - prevcount * sizeof (PDEVICE_OBJECT)); + prevcount * sizeof (DEVICE_OBJECT)); }
relations->Count = prevcount + numPdosPresent;