From 7a047a790264f615c3aff9c0e8485c337996879d Mon Sep 17 00:00:00 2001
From: Sir Richard
Date: Thu, 11 Nov 2010 13:05:52 +0000
Subject: [PATCH] [NTOS]: Fix another bug in the continuous memory allocation code, which would go off-by-one while looping the PFN entries for the allocation, and corrupt the PteFrame/PteAddress of an unrelated PFN entry. If this PFN was in the active lists, it would cause page table leaks and faults, if the page was on a free list, it would override the colored list backlink and corrupt the list, later causing unlinked pages to remain linked to the list.
svn path=/trunk/; revision=49556
---
 reactos/ntoskrnl/mm/ARM3/contmem.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/reactos/ntoskrnl/mm/ARM3/contmem.c b/reactos/ntoskrnl/mm/ARM3/contmem.c
index 744d8127aff..79eacda42a0 100644
--- a/reactos/ntoskrnl/mm/ARM3/contmem.c
+++ b/reactos/ntoskrnl/mm/ARM3/contmem.c
@@ -79,7 +79,6 @@ MiFindContiguousPages(IN PFN_NUMBER LowestPfn,
 //
 if (MiIsPfnInUse(Pfn1))
 {
- //DPRINT1("In use: reset\n");
 Length = 0;
 continue;
 }
@@ -94,7 +93,6 @@ MiFindContiguousPages(IN PFN_NUMBER LowestPfn,
 //
 // It does not, so bail out
 //
- //DPRINT1("Doesn't match restrictions: reset\n");
 continue;
 }
@@ -368,7 +366,7 @@ MiFindContiguousMemory(IN PFN_NUMBER LowestPfn,
 /* Write the PTE address */
 Pfn1->PteAddress = PointerPte;
 Pfn1->u4.PteFrame = PFN_FROM_PTE(MiAddressToPte(PointerPte++));
- } while (Pfn1++ < EndPfn);
+ } while (++Pfn1 < EndPfn);
 /* Return the address */
 return BaseAddress;
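Review bot: The corrected condition `} while (++Pfn1 < EndPfn);` in the MiFindContiguousMemory hunk is only correct if EndPfn points one past the last PFN entry of the allocation, which the commit message implies but nothing in the hunk states or checks. Because this is a do/while, the body also runs once before any bound test, so a zero-page range would still write one entry. Whether that case can be reached is not visible here, as the function begins and ends outside the hunk. I would document the bound on the loop, e.g. `/* EndPfn is exclusive: never touch the entry at EndPfn */`, and add `ASSERT(Pfn1 == EndPfn);` right after the loop. A later change to the bound would then fail in a checked build instead of silently overwriting the PteAddress/PteFrame of a neighbouring PFN entry.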