Author: fireball
Date: Thu Oct 13 18:15:50 2011
New Revision: 54116
URL: http://svn.reactos.org/svn/reactos?rev=54116&view=rev
Log:
[RTL]
- Fix two bugs revealed by the newly added test in r54114.
* Original length of the passed string should be used when checking for
out-of-buffer access in the loop
* PathChars should be updated if a DOS device name was found in the given
string.
See issue #6390 for more details.
Modified:
trunk/reactos/lib/rtl/path.c
Modified: trunk/reactos/lib/rtl/path.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/lib/rtl/path.c?rev=54116&r1=54115&r2=54116&view=diff
==============================================================================
--- trunk/reactos/lib/rtl/path.c [iso-8859-1] (original)
+++ trunk/reactos/lib/rtl/path.c [iso-8859-1] Thu Oct 13 18:15:50 2011
@@ -48,7 +48,7 @@
UNICODE_STRING PathCopy;
PWCHAR Start, End;
USHORT PathChars, ColonCount = 0;
- USHORT ReturnOffset = 0, ReturnLength;
+ USHORT ReturnOffset = 0, ReturnLength, OriginalLength;
WCHAR c;
/* Validate the input */
@@ -77,6 +77,7 @@
/* Make a copy of the string */
PathCopy = *PathString;
+ OriginalLength = PathString->Length;
/* Return if there's no characters */
PathChars = PathCopy.Length / sizeof(WCHAR);
@@ -124,16 +125,19 @@
c = *End | ' '; // ' ' == ('z' - 'Z')
/* Check if it's a DOS device (LPT, COM, PRN, AUX, or NUL) */
- if ((End < &PathCopy.Buffer[PathCopy.Length / sizeof(WCHAR)])
&&
+ if ((End < &PathCopy.Buffer[OriginalLength / sizeof(WCHAR)]) &&
((c == 'l') || (c == 'c') || (c == 'p') || (c == 'a') ||
(c == 'n')))
{
/* Calculate the offset */
ReturnOffset = (PCHAR)End - (PCHAR)PathCopy.Buffer;
/* Build the final string */
- PathCopy.Length -= ReturnOffset;
- PathCopy.Length -= (ColonCount * sizeof(WCHAR));
+ PathCopy.Length = OriginalLength - ReturnOffset -
(ColonCount * sizeof(WCHAR));
PathCopy.Buffer = End;
+
+ /* Save new amount of chars in the path */
+ PathChars = PathCopy.Length / sizeof(WCHAR);
+
break;
}
else
