From b90d2430379d0bf09900b29da09686006333e113 Mon Sep 17 00:00:00 2001
From: Timo Kreuzer <timo.kreuzer@reactos.org>
Date: Mon, 18 Jan 2010 16:43:58 +0000
Subject: [PATCH] [NTOS] Fix buffer overrun in ExFreePoolWithTag when dealing
 with a PoolType other than NonPagedPool and PagedPool. Spotted by Amine
 Khaldi.

svn path=/trunk/; revision=45134
---
 reactos/ntoskrnl/mm/ARM3/expool.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reactos/ntoskrnl/mm/ARM3/expool.c b/reactos/ntoskrnl/mm/ARM3/expool.c
index 4c5f46b0ccc..c10d8c87d56 100644
--- a/reactos/ntoskrnl/mm/ARM3/expool.c
+++ b/reactos/ntoskrnl/mm/ARM3/expool.c
@@ -520,7 +520,7 @@ ExFreePoolWithTag(IN PVOID P,
     // for this pool type
     //
     BlockSize = Entry->BlockSize;
-    PoolType = (Entry->PoolType & 3) - 1;
+    PoolType = (Entry->PoolType - 1) & BASE_POOL_TYPE_MASK;
     PoolDesc = PoolVector[PoolType];
 
     //