[UDFS] Fix an integer overflow leading to a buffer overrun
authorPierre Schweitzer <pierre@reactos.org>
Thu, 4 Apr 2019 13:08:21 +0000 (15:08 +0200)
committerPierre Schweitzer <pierre@reactos.org>
Thu, 4 Apr 2019 13:08:21 +0000 (15:08 +0200)
Spotted by GCC7

drivers/filesystems/udfs/Include/mem_tools.h

index 7dfc8ed..11d9254 100644 (file)
@@ -265,7 +265,7 @@ ULONG inline MyReallocPool__(PCHAR addr, ULONG len, PCHAR *pnewaddr, ULONG newle
             RtlCopyMemory(newaddr, addr, newlen);
         } else {
             RtlCopyMemory(newaddr, addr, len);
-            RtlZeroMemory(newaddr+len, newlen - len);
+            RtlZeroMemory(newaddr+len, _newlen - len);
         }
 #ifdef MY_MEM_BOUNDS_CHECK
         for(i=0; i<MY_HEAP_ALIGN+1; i++) {