[CSRSRV]: In CsrCaptureArguments, be sure that the number of captured pointers is...
authorHermès Bélusca-Maïto <hermes.belusca-maito@reactos.org>
Sun, 6 Oct 2013 14:20:18 +0000 (14:20 +0000)
committerHermès Bélusca-Maïto <hermes.belusca-maito@reactos.org>
Sun, 6 Oct 2013 14:20:18 +0000 (14:20 +0000)
svn path=/trunk/; revision=60561

reactos/subsystems/win32/csrsrv/api.c

index 55f8c9d..125fc67 100644 (file)
@@ -1153,7 +1153,7 @@ CsrCaptureArguments(IN PCSR_THREAD CsrThread,
         /* Check if the Length is valid */
         if ((FIELD_OFFSET(CSR_CAPTURE_BUFFER, PointerOffsetsArray) +
                 (LocalCaptureBuffer->PointerCount * sizeof(PVOID)) > Length) ||
-            (Length > MAXWORD))
+            (LocalCaptureBuffer->PointerCount > MAXUSHORT))
         {
             /* Return failure */
             DPRINT1("*** CSRSS: CaptureBuffer %p has bad length\n", LocalCaptureBuffer);
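Review bot: The added `LocalCaptureBuffer->PointerCount > MAXUSHORT` test is what keeps `PointerCount * sizeof(PVOID)` in the first operand from wrapping and comparing below `Length` (assuming `PointerCount` is a 32-bit count), yet it is evaluated second and the comment above still says only "Check if the Length is valid". I would put the count test first and document the dependency, e.g. `/* Bound PointerCount first so the size computation below cannot wrap */`. The DPRINT1 text should also mention the pointer count, since it still reports "bad length" when the count is what failed. With `Length > MAXWORD` removed, no upper limit on `Length` is visible in this hunk; if it is taken from the client-supplied buffer, confirm it is capped elsewhere in CsrCaptureArguments, whose body starts and ends outside the hunk.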