[fireball] 38324: - Don't calculate remaining bits if there are none. Fixes out-of-bounds read of a buffer. - Patch sent to Wine: http://www.winehq.org/pipermail/wine-patches/2008-December/066692.html - Ros-diffs

24 Dec 2008

Author: fireball
Date: Wed Dec 24 04:12:01 2008
New Revision: 38324
URL: http://svn.reactos.org/svn/reactos?rev=38324&view=rev
Log:
- Don't calculate remaining bits if there are none. Fixes out-of-bounds read of a buffer.
- Patch sent to Wine: http://www.winehq.org/pipermail/wine-patches/2008-December/066692.html
Modified:
    trunk/reactos/lib/rtl/bitmap.c
Modified: trunk/reactos/lib/rtl/bitmap.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/rtl/bitmap.c?rev=38324&...
==============================================================================

--- trunk/reactos/lib/rtl/bitmap.c [iso-8859-1] (original)
+++ trunk/reactos/lib/rtl/bitmap.c [iso-8859-1] Wed Dec 24 04:12:01 2008
@@ -764,9 +764,12 @@
       lpOut++;
     }
-    bMasked = *lpOut & NTDLL_maskBits[ulRemainder];
-    ulSet += NTDLL_nibbleBitCount[bMasked >> 4];
-    ulSet += NTDLL_nibbleBitCount[bMasked & 0xf];
+    if (ulRemainder)
+    {
+      bMasked = *lpOut & NTDLL_maskBits[ulRemainder];
+      ulSet += NTDLL_nibbleBitCount[bMasked >> 4];
+      ulSet += NTDLL_nibbleBitCount[bMasked & 0xf];
+    }
   }
   return ulSet;
 }

    