[NTOSKRNL] Properly copy backtracking buffer content on realloc

CORE-15902
2025-02-23 00:45:24 +00:00 · 2019-03-31 11:42:56 +02:00 · 2019-03-31 11:42:56 +02:00 · 8bc9935fcb
commit 8bc9935fcb
parent 21d2c70bb4
2 changed files with 22 additions and 22 deletions
--- a/ntoskrnl/fsrtl/dbcsname.c
+++ b/ntoskrnl/fsrtl/dbcsname.c
@ -305,21 +305,21 @@ FsRtlIsDbcsInExpression(IN PANSI_STRING Expression,
                        goto Exit;
                    }
-                    /* Backtracking is at the start of the buffer */
+                    /* Copy BackTracking content. Note that it can point to either BackTrackingBuffer or OldBackTrackingBuffer */
-                    BackTracking = AllocatedBuffer;
+                    RtlCopyMemory(AllocatedBuffer,
-
+                                  BackTracking,
                    /* Copy BackTrackingBuffer content */
                    RtlCopyMemory(BackTracking,
                                  BackTrackingBuffer,
                                  RTL_NUMBER_OF(BackTrackingBuffer) * sizeof(USHORT));
-                    /* OldBackTracking is after BackTracking */
+                    /* Place current Backtracking is at the start of the new buffer */
-                    OldBackTracking = &BackTracking[BackTrackingBufferSize];
+                    BackTracking = AllocatedBuffer;
-                    /* Copy OldBackTrackingBuffer content */
+                    /* Copy OldBackTracking content */
-                    RtlCopyMemory(OldBackTracking,
+                    RtlCopyMemory(&BackTracking[BackTrackingBufferSize],
-                                  OldBackTrackingBuffer,
+                                  OldBackTracking,
                                  RTL_NUMBER_OF(OldBackTrackingBuffer) * sizeof(USHORT));
                    /* Place current OldBackTracking after current BackTracking in the buffer */
                    OldBackTracking = &BackTracking[BackTrackingBufferSize];
                }
                /* If lead byte present */
--- a/ntoskrnl/fsrtl/name.c
+++ b/ntoskrnl/fsrtl/name.c
@ -157,21 +157,21 @@ FsRtlIsNameInExpressionPrivate(IN PUNICODE_STRING Expression,
                        goto Exit;
                    }
-                    /* Backtracking is at the start of the buffer */
+                    /* Copy BackTracking content. Note that it can point to either BackTrackingBuffer or OldBackTrackingBuffer */
-                    BackTracking = AllocatedBuffer;
+                    RtlCopyMemory(AllocatedBuffer,
-
+                                  BackTracking,
                    /* Copy BackTrackingBuffer content */
                    RtlCopyMemory(BackTracking,
                                  BackTrackingBuffer,
                                  RTL_NUMBER_OF(BackTrackingBuffer) * sizeof(USHORT));
-                    /* OldBackTracking is after BackTracking */
+                    /* Place current Backtracking is at the start of the new buffer */
-                    OldBackTracking = &BackTracking[BackTrackingBufferSize];
+                    BackTracking = AllocatedBuffer;
-                    /* Copy OldBackTrackingBuffer content */
+                    /* Copy OldBackTracking content */
-                    RtlCopyMemory(OldBackTracking,
+                    RtlCopyMemory(&BackTracking[BackTrackingBufferSize],
-                                  OldBackTrackingBuffer,
+                                  OldBackTracking,
                                  RTL_NUMBER_OF(OldBackTrackingBuffer) * sizeof(USHORT));
                    /* Place current OldBackTracking after current BackTracking in the buffer */
                    OldBackTracking = &BackTracking[BackTrackingBufferSize];
                }
                /* Basic check to test if chars are equal */