commit b3fa53f818639ef765cde4d294215d558433cc38 Author: Hermès Bélusca-Maïto hermes.belusca-maito@reactos.org AuthorDate: Mon Oct 5 02:01:52 2020 +0200 Commit: Hermès Bélusca-Maïto hermes.belusca-maito@reactos.org CommitDate: Mon Oct 5 02:22:43 2020 +0200
[NTDLL:CSR] Fix a bug in the calculation of the capture buffer size in CsrAllocateCaptureBuffer().
Take the alignment padding for each argument into account, **BEFORE** doing the final size alignment on a 4-byte boundary. Thus, the capture buffer size value is properly aligned, and passes the validation tests on the server side (in CSRSRV!CsrCaptureArguments), see commit 7e2db773.
This bug was exposed in x64 builds, where the memory alignment constraints are tighter than in the x86 builds. --- dll/ntdll/csr/capture.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/dll/ntdll/csr/capture.c b/dll/ntdll/csr/capture.c
index 1f1e6956e55..759f74bcdf9 100644
--- a/dll/ntdll/csr/capture.c
+++ b/dll/ntdll/csr/capture.c
@@ -95,16 +95,16 @@ CsrAllocateCaptureBuffer(IN ULONG ArgumentCount,
 /* Validate size */
 if (BufferSize >= MAXLONG) return NULL;
- /* Add the size of the header and for each offset to the pointers */
+ /* Add the size of the header and of the pointer-offset array */
 BufferSize += FIELD_OFFSET(CSR_CAPTURE_BUFFER, PointerOffsetsArray) + (ArgumentCount * sizeof(ULONG_PTR));
- /* Align it to a 4-byte boundary */
- BufferSize = (BufferSize + 3) & ~3;
-
 /* Add the size of the alignment padding for each argument */
 BufferSize += ArgumentCount * 3;
+ /* Align it to a 4-byte boundary */
+ BufferSize = (BufferSize + 3) & ~3;
+
 /* Allocate memory from the port heap */
 CaptureBuffer = RtlAllocateHeap(CsrPortHeap, HEAP_ZERO_MEMORY, BufferSize);
 if (CaptureBuffer == NULL) return NULL;
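Review bot: The `BufferSize >= MAXLONG` guard at the top of the hunk runs before the header, the pointer-offset array, the per-argument padding and the final round-up are added, so the value actually handed to RtlAllocateHeap is never range-checked; with a large ArgumentCount those additions can carry the total past the limit the guard is meant to enforce (and past the range of BufferSize's type, if it is a ULONG — its declaration is outside the hunk). Repeating the check on the final value, `if (BufferSize >= MAXLONG) return NULL;` just before the `RtlAllocateHeap` call, keeps the validation on the quantity that is used. The `3` in `ArgumentCount * 3` and the `& ~3` mask both encode the same 4-byte boundary and must change together; a comment on the padding line such as `/* Worst-case padding per argument is (alignment - 1) bytes; keep in step with the 4-byte round-up below */` would make that coupling explicit. The start of CsrAllocateCaptureBuffer and the rest of its body lie outside the hunk.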