[tkreuzer] 45134: [NTOS] Fix buffer overrun in ExFreePoolWithTag when dealing with a PoolType other than NonPagedPool and PagedPool. Spotted by Amine Khaldi. - Ros-diffs

18 Jan 2010

Author: tkreuzer
Date: Mon Jan 18 17:43:58 2010
New Revision: 45134
URL: http://svn.reactos.org/svn/reactos?rev=45134&view=rev
Log:
[NTOS]
Fix buffer overrun in ExFreePoolWithTag when dealing with a PoolType other than NonPagedPool and PagedPool. Spotted by Amine Khaldi.
Modified:
    trunk/reactos/ntoskrnl/mm/ARM3/expool.c
Modified: trunk/reactos/ntoskrnl/mm/ARM3/expool.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/expool.c?r...
==============================================================================

--- trunk/reactos/ntoskrnl/mm/ARM3/expool.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/ARM3/expool.c [iso-8859-1] Mon Jan 18 17:43:58 2010
@@ -520,7 +520,7 @@
     // for this pool type
     //
     BlockSize = Entry->BlockSize;
-    PoolType = (Entry->PoolType & 3) - 1;
+    PoolType = (Entry->PoolType - 1) & BASE_POOL_TYPE_MASK;
     PoolDesc = PoolVector[PoolType];
//

    