[tfaber] 63871: [RPCRT4] - Correctly check for in-buffer memory in PointerFree. Fixes invalid free e.g. when calling StartService without service arguments - Ros-diffs

12 Aug 2014

Author: tfaber
Date: Tue Aug 12 07:52:29 2014
New Revision: 63871
URL: http://svn.reactos.org/svn/reactos?rev=63871&view=rev
Log:
[RPCRT4]
- Correctly check for in-buffer memory in PointerFree. Fixes invalid free e.g. when calling StartService without service arguments
Modified:
    trunk/reactos/dll/win32/rpcrt4/ndr_marshall.c
Modified: trunk/reactos/dll/win32/rpcrt4/ndr_marshall.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/rpcrt4/ndr_marsha...
==============================================================================

--- trunk/reactos/dll/win32/rpcrt4/ndr_marshall.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/win32/rpcrt4/ndr_marshall.c	[iso-8859-1] Tue Aug 12 07:52:29 2014
@@ -1120,7 +1120,7 @@
    * BufferStart and BufferEnd won't be reset when allocating memory for
    * sending the response. we don't have to check for the new buffer here as
    * it won't be used a type memory, only for buffer memory */
-  if (Pointer >= pStubMsg->BufferStart && Pointer < pStubMsg->BufferEnd)
+  if (Pointer >= pStubMsg->BufferStart && Pointer <= pStubMsg->BufferEnd)
       goto notfree;
if (attr & RPC_FC_P_ONSTACK) {

    