projects / reactos.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[CSRSRV]: In CsrCaptureArguments, be sure that the number of captured pointers is...
[reactos.git] / reactos / subsystems / win32 / csrsrv / api.c
diff --git a/reactos/subsystems/win32/csrsrv/api.c b/reactos/subsystems/win32/csrsrv/api.c
index 55f8c9d..125fc67 100644 (file)
--- a/reactos/subsystems/win32/csrsrv/api.c
+++ b/reactos/subsystems/win32/csrsrv/api.c
@@ -1153,7 +1153,7 @@ CsrCaptureArguments(IN PCSR_THREAD CsrThread,
         /* Check if the Length is valid */
         if ((FIELD_OFFSET(CSR_CAPTURE_BUFFER, PointerOffsetsArray) +
                 (LocalCaptureBuffer->PointerCount * sizeof(PVOID)) > Length) ||
-            (Length > MAXWORD))
+            (LocalCaptureBuffer->PointerCount > MAXUSHORT))
         {
             /* Return failure */
             DPRINT1("*** CSRSS: CaptureBuffer %p has bad length\n", LocalCaptureBuffer);
A free Windows-compatible Operating System