Bernhard Übelacker : ntoskrnl.exe: Make IoAllocateIrp not crash on negative values. - wine-commits

12 Apr 2016

Module: wine
Branch: master
Commit: 64aec5d8dbae329958b9b677d3289de78142e289
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=64aec5d8dbae329958b9b677d3...
Author: Bernhard Übelacker bernhardu@vr-web.de
Date:   Tue Mar 29 22:13:16 2016 +0200
ntoskrnl.exe: Make IoAllocateIrp not crash on negative values.
Signed-off-by: Bernhard Übelacker bernhardu@vr-web.de
Signed-off-by: Alexandre Julliard julliard@winehq.org
---
dlls/ntoskrnl.exe/ntoskrnl.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c
index 0e87b82..a52b5df 100644
--- a/dlls/ntoskrnl.exe/ntoskrnl.c
+++ b/dlls/ntoskrnl.exe/ntoskrnl.c
@@ -592,15 +592,20 @@ PIRP WINAPI IoAllocateIrp( CCHAR stack_size, BOOLEAN charge_quota )
 {
     SIZE_T size;
     PIRP irp;
+    CCHAR loc_count = stack_size;
TRACE( "%d, %d\n", stack_size, charge_quota );
-    size = sizeof(IRP) + stack_size * sizeof(IO_STACK_LOCATION);
+    if (loc_count < 8 && loc_count != 1)
+        loc_count = 8;
+
+    size = sizeof(IRP) + loc_count * sizeof(IO_STACK_LOCATION);
     irp = ExAllocatePool( NonPagedPool, size );
     if (irp == NULL)
         return NULL;
     IoInitializeIrp( irp, size, stack_size );
-    irp->AllocationFlags = IRP_ALLOCATED_FIXED_SIZE;
+    if (stack_size >= 1 && stack_size <= 8)
+        irp->AllocationFlags = IRP_ALLOCATED_FIXED_SIZE;
     if (charge_quota)
         irp->AllocationFlags |= IRP_LOOKASIDE_ALLOCATION;
     return irp;

    