[tkreuzer] 56794: [RTL] Fix a mistake in RtlNumberOfSetBits, check for index out of range in RtlFindNextForwardRun* - Ros-diffs

24 Jun 2012

Author: tkreuzer
Date: Sun Jun 24 13:39:32 2012
New Revision: 56794
URL: http://svn.reactos.org/svn/reactos?rev=56794&view=rev
Log:
[RTL]
Fix a mistake in RtlNumberOfSetBits, check for index out of range in RtlFindNextForwardRun*
Modified:
    trunk/reactos/lib/rtl/bitmap.c
Modified: trunk/reactos/lib/rtl/bitmap.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/rtl/bitmap.c?rev=56794&...
==============================================================================

--- trunk/reactos/lib/rtl/bitmap.c [iso-8859-1] (original)
+++ trunk/reactos/lib/rtl/bitmap.c [iso-8859-1] Sun Jun 24 13:39:32 2012
@@ -421,7 +421,7 @@
     }
Shift = 8 - (BitMapHeader->SizeOfBitMap & 7);
-    BitCount += BitCountTable[(*Byte) << Shift];
+    BitCount += BitCountTable[((*Byte) << Shift) & 0xFF];
return BitCount;
 }
@@ -618,6 +618,13 @@
 {
     ULONG Length;
+    /* Check for buffer overrun */
+    if (FromIndex >= BitMapHeader->SizeOfBitMap)
+    {
+        *StartingRunIndex = FromIndex;
+        return 0;
+    }
+
     /* Assume a set run first, count it's length */
     Length = RtlpGetLengthOfRunSet(BitMapHeader, FromIndex, MAXULONG);
     *StartingRunIndex = FromIndex + Length;
@@ -634,6 +641,13 @@
     IN PULONG StartingRunIndex)
 {
     ULONG Length;
+
+    /* Check for buffer overrun */
+    if (FromIndex >= BitMapHeader->SizeOfBitMap)
+    {
+        *StartingRunIndex = FromIndex;
+        return 0;
+    }
/* Assume a clear run first, count it's length */
     Length = RtlpGetLengthOfRunClear(BitMapHeader, FromIndex, MAXULONG);

    