https://git.reactos.org/?p=reactos.git;a=commitdiff;h=cf40421041eeea92a29520a9d04868cb804239ca
commit cf40421041eeea92a29520a9d04868cb804239ca Author: Thomas Faber <thomas.fa...@reactos.org> AuthorDate: Wed Feb 20 12:21:03 2019 +0100 Commit: Thomas Faber <thomas.fa...@reactos.org> CommitDate: Wed Feb 20 12:23:33 2019 +0100 [NTOS:PNP] Correctly respect data size in PnpRegSzToString. CORE-15766 Spotted by Vadim Galyant. --- ntoskrnl/io/pnpmgr/pnputil.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/ntoskrnl/io/pnpmgr/pnputil.c b/ntoskrnl/io/pnpmgr/pnputil.c index 3ed75b2c07..8f17304187 100644 --- a/ntoskrnl/io/pnpmgr/pnputil.c +++ b/ntoskrnl/io/pnpmgr/pnputil.c @@ -175,11 +175,20 @@ PnpRegSzToString(IN PWCHAR RegSzData, PWCHAR p, pp; /* Find the end */ - pp = RegSzData + RegSzLength; - for (p = RegSzData; p < pp; p++) if (!*p) break; + pp = RegSzData + RegSzLength / sizeof(WCHAR); + for (p = RegSzData; p < pp; p++) + { + if (!*p) + { + break; + } + } - /* Return it */ - if (StringLength) *StringLength = (USHORT)(p - RegSzData) * sizeof(WCHAR); + /* Return the length. Truncation can happen but is of no consequence. */ + if (StringLength) + { + *StringLength = (USHORT)(p - RegSzData) * sizeof(WCHAR); + } return TRUE; }