https://git.reactos.org/?p=reactos.git;a=commitdiff;h=8bc9935fcb334bb7c393f33cd8e3b708a6d31518

commit 8bc9935fcb334bb7c393f33cd8e3b708a6d31518
Author:     Bartosz Brachaczek <[email protected]>
AuthorDate: Sun Mar 31 11:42:56 2019 +0200
Commit:     Pierre Schweitzer <[email protected]>
CommitDate: Sun Mar 31 11:44:01 2019 +0200

    [NTOSKRNL] Properly copy backtracking buffer content on realloc
    
    CORE-15902
---
 ntoskrnl/fsrtl/dbcsname.c | 22 +++++++++++-----------
 ntoskrnl/fsrtl/name.c     | 22 +++++++++++-----------
 2 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/ntoskrnl/fsrtl/dbcsname.c b/ntoskrnl/fsrtl/dbcsname.c
index d44fde9cc0..2c7300f388 100644
--- a/ntoskrnl/fsrtl/dbcsname.c
+++ b/ntoskrnl/fsrtl/dbcsname.c
@@ -305,21 +305,21 @@ FsRtlIsDbcsInExpression(IN PANSI_STRING Expression,
                         goto Exit;
                     }
 
-                    /* Backtracking is at the start of the buffer */
-                    BackTracking = AllocatedBuffer;
-
-                    /* Copy BackTrackingBuffer content */
-                    RtlCopyMemory(BackTracking,
-                                  BackTrackingBuffer,
+                    /* Copy BackTracking content. Note that it can point to 
either BackTrackingBuffer or OldBackTrackingBuffer */
+                    RtlCopyMemory(AllocatedBuffer,
+                                  BackTracking,
                                   RTL_NUMBER_OF(BackTrackingBuffer) * 
sizeof(USHORT));
 
-                    /* OldBackTracking is after BackTracking */
-                    OldBackTracking = &BackTracking[BackTrackingBufferSize];
+                    /* Place current Backtracking is at the start of the new 
buffer */
+                    BackTracking = AllocatedBuffer;
 
-                    /* Copy OldBackTrackingBuffer content */
-                    RtlCopyMemory(OldBackTracking,
-                                  OldBackTrackingBuffer,
+                    /* Copy OldBackTracking content */
+                    RtlCopyMemory(&BackTracking[BackTrackingBufferSize],
+                                  OldBackTracking,
                                   RTL_NUMBER_OF(OldBackTrackingBuffer) * 
sizeof(USHORT));
+
+                    /* Place current OldBackTracking after current 
BackTracking in the buffer */
+                    OldBackTracking = &BackTracking[BackTrackingBufferSize];
                 }
 
                 /* If lead byte present */
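Review bot: Both `RtlCopyMemory` calls still take their length from the stack arrays (`RTL_NUMBER_OF(BackTrackingBuffer) * sizeof(USHORT)`), while the second destination is offset by `BackTrackingBufferSize`. Nothing visible in this hunk establishes that the pool block holds at least `(BackTrackingBufferSize + RTL_NUMBER_OF(OldBackTrackingBuffer)) * sizeof(USHORT)` bytes, or that this branch runs only once per call. If the branch could run again with `BackTracking` already pointing into an earlier allocation, the fixed length would copy only part of the state; if the block is smaller than assumed, the second copy writes past it, which in kernel pool is memory corruption driven by the expression being matched. The invariant stated in the new comment should be enforced before the first copy, with `ASSERT(BackTracking == BackTrackingBuffer || BackTracking == OldBackTrackingBuffer);` and `ASSERT(BackTrackingBufferSize >= RTL_NUMBER_OF(BackTrackingBuffer));`. The same applies to the identical hunk in ntoskrnl/fsrtl/name.c; the allocation and the enclosing loop lie outside both hunks, so the sizes need checking there.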
diff --git a/ntoskrnl/fsrtl/name.c b/ntoskrnl/fsrtl/name.c
index ae934900f4..6a2c280cd1 100644
--- a/ntoskrnl/fsrtl/name.c
+++ b/ntoskrnl/fsrtl/name.c
@@ -157,21 +157,21 @@ FsRtlIsNameInExpressionPrivate(IN PUNICODE_STRING 
Expression,
                         goto Exit;
                     }
 
-                    /* Backtracking is at the start of the buffer */
-                    BackTracking = AllocatedBuffer;
-
-                    /* Copy BackTrackingBuffer content */
-                    RtlCopyMemory(BackTracking,
-                                  BackTrackingBuffer,
+                    /* Copy BackTracking content. Note that it can point to 
either BackTrackingBuffer or OldBackTrackingBuffer */
+                    RtlCopyMemory(AllocatedBuffer,
+                                  BackTracking,
                                   RTL_NUMBER_OF(BackTrackingBuffer) * 
sizeof(USHORT));
 
-                    /* OldBackTracking is after BackTracking */
-                    OldBackTracking = &BackTracking[BackTrackingBufferSize];
+                    /* Place current Backtracking is at the start of the new 
buffer */
+                    BackTracking = AllocatedBuffer;
 
-                    /* Copy OldBackTrackingBuffer content */
-                    RtlCopyMemory(OldBackTracking,
-                                  OldBackTrackingBuffer,
+                    /* Copy OldBackTracking content */
+                    RtlCopyMemory(&BackTracking[BackTrackingBufferSize],
+                                  OldBackTracking,
                                   RTL_NUMBER_OF(OldBackTrackingBuffer) * 
sizeof(USHORT));
+
+                    /* Place current OldBackTracking after current 
BackTracking in the buffer */
+                    OldBackTracking = &BackTracking[BackTrackingBufferSize];
                 }
 
                 /* Basic check to test if chars are equal */
