[tkreuzer] 45134: [NTOS] Fix buffer overrun in ExFreePoolWithTag when dealing with a PoolType other than NonPagedPool and PagedPool. Spotted by Amine Khaldi.
18 Jan
2010
18 Jan
'10
4:43 p.m.
Author: tkreuzer
Date: Mon Jan 18 17:43:58 2010
New Revision: 45134
URL: http://svn.reactos.org/svn/reactos?rev=45134&view=rev
Log:
[NTOS]
Fix buffer overrun in ExFreePoolWithTag when dealing with a PoolType other than
NonPagedPool and PagedPool. Spotted by Amine Khaldi.
Modified:
trunk/reactos/ntoskrnl/mm/ARM3/expool.c
Modified: trunk/reactos/ntoskrnl/mm/ARM3/expool.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/expool.c?…
==============================================================================
--- trunk/reactos/ntoskrnl/mm/ARM3/expool.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/ARM3/expool.c [iso-8859-1] Mon Jan 18 17:43:58 2010
@@ -520,7 +520,7 @@
// for this pool type
//
BlockSize = Entry->BlockSize;
- PoolType = (Entry->PoolType & 3) - 1;
+ PoolType = (Entry->PoolType - 1) & BASE_POOL_TYPE_MASK;
PoolDesc = PoolVector[PoolType];
//
5459
days inactive
5459
days old
0 comments
1 participants
participants (1)
-
tkreuzer@svn.reactos.org