Fix a nasty bug in RtlQueryRegistryValues, that caused memory corruption when the the key name or data had the "wrong" length.
svn path=/trunk/; revision=61624
/* Check if we have space to copy the data */
RequiredLength = KeyValueInfo->NameLength + sizeof(UNICODE_NULL);
- if (SpareLength < RequiredLength)
+ if ((SpareData > DataEnd) || (SpareLength < RequiredLength))
{
/* Fail and return the missing length */
*InfoSize = (ULONG)(SpareData - (PCHAR)KeyValueInfo) + RequiredLength;