ntdll: Don't calculate remaining bits if there are none. Fixes out-of-bounds read of a buffer.
Aleksey Bragin
aleksey at reactos.org
Wed Dec 24 05:11:09 CST 2008
From fea0ca15e526eceb7a53e6e7dd5efccd8a3a3cf9 Mon Sep 17 00:00:00 2001
From: Aleksey Bragin <aleksey at reactos.org>
Date: Wed, 24 Dec 2008 14:04:25 +0300
Subject: [PATCH] ntdll: Don't calculate remaining bits if there are
none. Fixes out-of-bounds read of a buffer.
---
dlls/ntdll/rtlbitmap.c | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/dlls/ntdll/rtlbitmap.c b/dlls/ntdll/rtlbitmap.c
index 3656d24..26e80d8 100644
--- a/dlls/ntdll/rtlbitmap.c
+++ b/dlls/ntdll/rtlbitmap.c
@@ -554,9 +554,12 @@ ULONG WINAPI RtlNumberOfSetBits(PCRTL_BITMAP
lpBits)
lpOut++;
}
- bMasked = *lpOut & NTDLL_maskBits[ulRemainder];
- ulSet += NTDLL_nibbleBitCount[bMasked >> 4];
- ulSet += NTDLL_nibbleBitCount[bMasked & 0xf];
+ if (ulRemainder)
+ {
+ bMasked = *lpOut & NTDLL_maskBits[ulRemainder];
+ ulSet += NTDLL_nibbleBitCount[bMasked >> 4];
+ ulSet += NTDLL_nibbleBitCount[bMasked & 0xf];
+ }
}
return ulSet;
}
--
1.4.4.4
More information about the wine-patches
mailing list