From a9d728c50a18417035453625d5852fc27f15bde6 Mon Sep 17 00:00:00 2001
From: Timo Kreuzer
Date: Thu, 19 Apr 2012 14:33:53 +0000
Subject: [PATCH] [NTOSKRNL] Fix a bug in MiAllocatePoolPages, that made the function succeed, when MAX_ULONG / -1 / 0xFFFFFFFF bytes were requested. The value overflowed into 0 and 0 pages were returned. When freeing this block, it could either free the next following large allocation or ASSERT when the end of the pool was reached without finding the end of the allocation. Fixes FoxitReader 4.2/4.3 svn path=/trunk/; revision=56366
---
 reactos/ntoskrnl/mm/ARM3/pool.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/reactos/ntoskrnl/mm/ARM3/pool.c b/reactos/ntoskrnl/mm/ARM3/pool.c
index 4030e8b5a67..aed7a8ffaab 100644
--- a/reactos/ntoskrnl/mm/ARM3/pool.c
+++ b/reactos/ntoskrnl/mm/ARM3/pool.c
@@ -437,6 +437,17 @@ MiAllocatePoolPages(IN POOL_TYPE PoolType,
 //
 SizeInPages = (PFN_COUNT)BYTES_TO_PAGES(SizeInBytes);
 
+ //
+ // Check for overflow
+ //
+ if (SizeInPages == 0)
+ {
+ //
+ // Fail
+ //
+ return NULL;
+ }
+
 //
 // Handle paged pool
 //
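Review bot: The new guard after `SizeInPages = (PFN_COUNT)BYTES_TO_PAGES(SizeInBytes);` detects the overflow only by its symptom (a page count that wrapped to exactly zero) rather than by validating the request, so any wrap or truncation that lands on a small non-zero count still passes and the caller gets a block far smaller than it asked for. The explicit cast to PFN_COUNT suggests the page count may be narrower than SizeInBytes on 64-bit builds, in which case a request just above the PFN_COUNT range would be silently truncated to a handful of pages — please confirm the two widths. Keeping the zero test (it is what catches the 32-bit rounding wrap) and adding a round-trip comparison covers both cases in one line: `if ((SizeInPages == 0) || ((SizeInBytes >> PAGE_SHIFT) > SizeInPages)) return NULL;`, assuming BYTES_TO_PAGES rounds up as its name implies. The comment `// Check for overflow` would also be more useful as `// BYTES_TO_PAGES rounds up and wraps to 0 for sizes within PAGE_SIZE of the type's maximum; such a request must fail, not return a 0-page block`. MiAllocatePoolPages begins and ends outside the hunk.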