From 8a30da51a01dc1c0e63310203cd0e426a3330cc8 Mon Sep 17 00:00:00 2001
From: Thomas Faber
Date: Fri, 19 May 2017 18:22:46 +0000
Subject: [PATCH] [RTL] - Do not change RTL_HANDLE_TABLE::CommittedHandles when committing a new page of handle entries. This value must always point to the beginning of the allocation, to correctly track the entire committed range. Fixes LibreOffice Writer (and ntdll_apitest) crash. CORE-13271 #resolve svn path=/trunk/; revision=74599
---
 reactos/sdk/lib/rtl/handle.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/reactos/sdk/lib/rtl/handle.c b/reactos/sdk/lib/rtl/handle.c
index 99ec593e55b..5c24199199b 100644
--- a/reactos/sdk/lib/rtl/handle.c
+++ b/reactos/sdk/lib/rtl/handle.c
@@ -89,6 +89,7 @@ RtlAllocateHandle(
 return NULL;
 /* Update handle array pointers */
+ HandleTable->CommittedHandles = (PRTL_HANDLE_TABLE_ENTRY)ArrayPointer;
 HandleTable->UnCommittedHandles = (PRTL_HANDLE_TABLE_ENTRY)ArrayPointer;
 HandleTable->MaxReservedHandles = (PRTL_HANDLE_TABLE_ENTRY)((ULONG_PTR)ArrayPointer + ArraySize);
 }
@@ -107,7 +108,6 @@ RtlAllocateHandle(
 /* Update handle array pointers */
 HandleTable->FreeHandles = (PRTL_HANDLE_TABLE_ENTRY)ArrayPointer;
- HandleTable->CommittedHandles = (PRTL_HANDLE_TABLE_ENTRY)ArrayPointer;
 HandleTable->UnCommittedHandles = (PRTL_HANDLE_TABLE_ENTRY)((ULONG_PTR)ArrayPointer + ArraySize);
 /* Calculate the number of entries we can store in the array */
-- 
2.17.1
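Review bot: The invariant behind the new `CommittedHandles` assignment in the first hunk (`@@ -89,6 +89,7 @@`) is stated only in the commit message; the code comment is still the generic `/* Update handle array pointers */`. Because this field bounds the committed range, and code outside this diff presumably checks entry pointers against it, I would record the rule where it is established, for example `/* CommittedHandles is the base of the reservation and is set only here; committing a page advances UnCommittedHandles, never this field */`. Without that, the assignment the second hunk removes is easy to reintroduce. The enclosing branch starts before the hunk, so any existing comment above it is not visible here.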
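Review bot: In the visible lines of the second hunk (`@@ -107,7 +108,6 @@`), `UnCommittedHandles` is advanced by `ArraySize` without being compared with `MaxReservedHandles`, which the first hunk sets as the end of the reservation. If no such check precedes the commit call, a table that has used its whole reservation would request a commit beyond the reserved range and then publish entries from memory it does not own. A guard before the commit, such as `if (HandleTable->UnCommittedHandles >= HandleTable->MaxReservedHandles) return NULL;`, would make the bound explicit. The function body starts and ends outside the hunk, so this may already be handled there.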