[NTDLL:CSR] Fix a bug in the calculation of the capture buffer size in CsrAllocateCaptureBuffer().

Take the alignment padding for each argument into account, **BEFORE**
doing the final size alignment on a 4-byte boundary. Thus, the capture
buffer size value is properly aligned, and passes the validation tests
on the server side (in CSRSRV!CsrCaptureArguments), see commit 7e2db773.

This bug was put in evidence in x64 builds, where the memory alignments
were tighter than in the x86 builds.
Hermès Bélusca-Maïto 2020-10-05 02:01:52 +02:00
parent 14c18657bc
commit b3fa53f818
GPG key ID: 3B2539C65E7B93D0
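The size calculation the commit message describes, as an added example that is not NTDLL's code: it computes the capture-buffer size in both the pre-fix order (round to 4, then add the per-argument padding) and the fixed order (add the padding, then round), and scans a range of argument counts to show that the old order leaves the size unaligned whenever ArgumentCount is not a multiple of 4. The header struct is an assumed mirror of the CSR_CAPTURE_BUFFER layout, the function names (capture_size_old, capture_size_new, count_misaligned) are invented for the example, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Assumed mirror of the capture-buffer header, for illustration only (not
 * copied from NTDLL). The calculation depends only on the offset of the
 * pointer-offset array, which is a multiple of 4 on x86 and x64 alike.
 */
typedef struct _CAPTURE_HDR {
    uint32_t             Size;
    struct _CAPTURE_HDR *PreviousCaptureBuffer;
    uint32_t             PointerCount;
    void                *BufferEnd;
    uintptr_t            PointerOffsetsArray[1];
} CAPTURE_HDR;

#define HEADER_BYTES  offsetof(CAPTURE_HDR, PointerOffsetsArray)
#define ALIGN4(x)     (((x) + (size_t)3) & ~(size_t)3)
#define PAD_PER_ARG   3   /* worst-case padding to 4-byte align one argument */

static size_t base_size(size_t arg_bytes, size_t argc)
{
    /* argument data + header + one pointer-sized offset slot per argument */
    return arg_bytes + HEADER_BYTES + argc * sizeof(uintptr_t);
}

/* Pre-fix order: round to a 4-byte boundary, then add the padding. */
size_t capture_size_old(size_t arg_bytes, size_t argc)
{
    size_t size = ALIGN4(base_size(arg_bytes, argc));
    return size + argc * PAD_PER_ARG;
}

/* Post-fix order: add the padding, then round to a 4-byte boundary. */
size_t capture_size_new(size_t arg_bytes, size_t argc)
{
    size_t size = base_size(arg_bytes, argc) + argc * PAD_PER_ARG;
    return ALIGN4(size);
}

int is_aligned4(size_t n)
{
    return (n & 3) == 0;
}

/* Count the argument counts in 1..max_argc for which calc() is unaligned. */
size_t count_misaligned(size_t (*calc)(size_t, size_t),
                        size_t arg_bytes, size_t max_argc)
{
    size_t bad = 0;
    for (size_t argc = 1; argc <= max_argc; argc++)
        if (!is_aligned4(calc(arg_bytes, argc)))
            bad++;
    return bad;
}

int main(void)
{
    /* constructed input: 10 bytes of argument data, 1..8 arguments */
    for (size_t argc = 1; argc <= 8; argc++)
        printf("argc=%zu old=%zu (%s) new=%zu (%s)\n", argc,
               capture_size_old(10, argc),
               is_aligned4(capture_size_old(10, argc)) ? "ok" : "UNALIGNED",
               capture_size_new(10, argc),
               is_aligned4(capture_size_new(10, argc)) ? "ok" : "UNALIGNED");
    return 0;
}
```

Because the header offset and the offset array are both multiples of 4, the rounding in the old order cancels them out and only the `ArgumentCount * 3` term decides the result: with 1..8 arguments the old formula is unaligned for six of the eight counts, while the fixed formula is aligned for all of them, regardless of whether the example is built for 32-bit or 64-bit pointers.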


@ -95,16 +95,16 @@ CsrAllocateCaptureBuffer(IN ULONG ArgumentCount,
/* Validate size */
if (BufferSize >= MAXLONG) return NULL;
/* Add the size of the header and for each offset to the pointers */
/* Add the size of the header and of the pointer-offset array */
BufferSize += FIELD_OFFSET(CSR_CAPTURE_BUFFER, PointerOffsetsArray) +
(ArgumentCount * sizeof(ULONG_PTR));
/* Align it to a 4-byte boundary */
BufferSize = (BufferSize + 3) & ~3;
/* Add the size of the alignment padding for each argument */
BufferSize += ArgumentCount * 3;
/* Align it to a 4-byte boundary */
BufferSize = (BufferSize + 3) & ~3;
/* Allocate memory from the port heap */
CaptureBuffer = RtlAllocateHeap(CsrPortHeap, HEAP_ZERO_MEMORY, BufferSize);
if (CaptureBuffer == NULL) return NULL;
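Review bot: the `if (BufferSize >= MAXLONG) return NULL;` guard at the top of this hunk runs before the header, the pointer-offset array, the `ArgumentCount * 3` padding and the final `& ~3` rounding are added, so none of those additions is bounds-checked; a BufferSize just under MAXLONG or a large ArgumentCount can push the value past the limit (or wrap it) after the check and yield a heap block smaller than the arguments need. Consider repeating the validation after the final alignment, or bounding ArgumentCount before multiplying, for example right before the RtlAllocateHeap call. Note also that the rendered hunk has lost its +/- markers, so both the old sequence (align, then pad) and the new sequence (pad, then align) appear as plain lines; the commit message is the record of which order is intended.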