From 31842662a819adabbe4dcdf6411ff7695ace5d96 Mon Sep 17 00:00:00 2001
From: Timo Kreuzer
Date: Mon, 18 Jan 2010 16:16:59 +0000
Subject: [PATCH] [NTOS] KiTrap0DHandler: fix buffer overrun (Spotted by Amine Khaldi) and optimize the code by checking the counter variable, instead of Instruction, this works the same, but the compiler can make sense of it and safe one comparison.
svn path=/trunk/; revision=45132
---
 reactos/ntoskrnl/ke/i386/traphdlr.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/reactos/ntoskrnl/ke/i386/traphdlr.c b/reactos/ntoskrnl/ke/i386/traphdlr.c
index dbfda25b847..93ee0c301f0 100644
--- a/reactos/ntoskrnl/ke/i386/traphdlr.c
+++ b/reactos/ntoskrnl/ke/i386/traphdlr.c
@@ -1078,7 +1078,7 @@ KiTrap0DHandler(IN PKTRAP_FRAME TrapFrame,
  /* FIXME: Use SEH */
  Instructions = (PUCHAR)TrapFrame->Eip;
- /* Scan next 15 opcodes */
+ /* Scan next 15 bytes */
  for (i = 0; i < 15; i++)
  {
  /* Skip prefix instructions */
@@ -1093,7 +1093,7 @@ KiTrap0DHandler(IN PKTRAP_FRAME TrapFrame,
  }
  /* Is this NOT any prefix instruction? */
- if (Instructions[i] != KiTrapPrefixTable[j])
+ if (j == sizeof(KiTrapPrefixTable))
  {
  /* We can go ahead and handle the fault now */
  Instruction = Instructions[i];
@@ -1102,7 +1102,7 @@ KiTrap0DHandler(IN PKTRAP_FRAME TrapFrame,
  }
  /* If all we found was prefixes, then this instruction is too long */
- if (!Instruction)
+ if (i == 15)
  {
  /* Setup illegal instruction fault */
  KiDispatchException0Args(STATUS_ILLEGAL_INSTRUCTION,
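Review bot: The new guard `if (j == sizeof(KiTrapPrefixTable))` in the second hunk is only equivalent to "the inner loop ran off the end of the table" if KiTrapPrefixTable is an array of single-byte elements, which the hunk does not show. Writing the bound as `if (j == sizeof(KiTrapPrefixTable) / sizeof(KiTrapPrefixTable[0]))` (or an ARRAY_SIZE-style macro the tree already has) ties the check to the element count rather than the byte size and keeps the overrun fix intact if the table's element type ever changes. The inner loop over j, whose exit condition this comparison mirrors, lies outside the hunk, so I am inferring that it breaks early on a match and otherwise leaves j equal to the table length; KiTrap0DHandler itself starts and ends outside all three hunks.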
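Review bot: The exhaustion test `if (i == 15)` in the third hunk hard-codes the same literal as the loop bound `for (i = 0; i < 15; i++)` in the first hunk, so the two can silently drift apart if either is edited on its own. Hoisting the bound into one named constant and using it in both places, e.g. `#define KI_MAX_INSTRUCTION_BYTES 15` (constructed name, pick whatever the file's convention is) with `for (i = 0; i < KI_MAX_INSTRUCTION_BYTES; i++)` and `if (i == KI_MAX_INSTRUCTION_BYTES)`, makes the "all prefixes, instruction too long" check self-evidently tied to the scan length. A one-line comment on the constant noting that it is the maximum x86 instruction length would also explain why the scan stops there, which the current `/* Scan next 15 bytes */` comment leaves implicit.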