From 9104422c5d0a98931298b9c09adf0d955dba008d Mon Sep 17 00:00:00 2001
From: Maarten Lankhorst <m.b.lankhorst@gmail.com>
Date: Wed, 7 May 2008 11:29:14 -0700
Subject: [PATCH] ntdll: Fix RtlIntegerToUnicodeString so it won't overflow

---
 dlls/ntdll/rtlstr.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/dlls/ntdll/rtlstr.c b/dlls/ntdll/rtlstr.c
index deec931..9ef9788 100644
--- a/dlls/ntdll/rtlstr.c
+++ b/dlls/ntdll/rtlstr.c
@@ -1970,7 +1970,7 @@ NTSTATUS WINAPI RtlIntegerToUnicodeString(
     } while (value != 0L);
 
     str->Length = (&buffer[32] - pos) * sizeof(WCHAR);
-    if (str->Length >= str->MaximumLength) {
+    if (str->Length + sizeof(WCHAR) >= str->MaximumLength) {
 	return STATUS_BUFFER_OVERFLOW;
     } else {
 	memcpy(str->Buffer, pos, str->Length + sizeof(WCHAR));
-- 
1.5.4.1