From: Jinoh Kang <jinoh.kang.kr@gmail.com>
`(BYTE *)dst_ex - (BYTE *)dst` is the size of the legacy context, but `dst_ex->All` already contains the legacy context. Therefore, `context_length` has the legacy context size added *twice*.
This becomes a problem when `context_length` exceeds `sizeof(src_context_buffer)`. This confuses `check_changes_in_range()`, causing out-of-bounds read and unpredictable test results.
---
 dlls/ntdll/tests/exception.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dlls/ntdll/tests/exception.c b/dlls/ntdll/tests/exception.c index 79a65dadab9..9f6bfbd2008 100644 --- a/dlls/ntdll/tests/exception.c +++ b/dlls/ntdll/tests/exception.c @@ -11952,7 +11952,7 @@ static void test_copy_context(void) *(DWORD *)((BYTE *)dst + flags_offset) = 0; *(DWORD *)((BYTE *)src + flags_offset) = 0;
- context_length = (BYTE *)dst_ex - (BYTE *)dst + dst_ex->All.Length; + context_length = dst_ex->All.Length;
if (flags & 0x40) {
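Review bot: the new `context_length = dst_ex->All.Length;` is correct only if `All.Length` already spans the legacy context that precedes `dst_ex`, which the commit message asserts but the hunk does not document; a one-line comment at the assignment stating that `All` covers both the legacy `CONTEXT` and the extended part would stop the next reader from re-adding the `(BYTE *)dst_ex - (BYTE *)dst` offset. Since the stated failure mode is `context_length` growing past `sizeof(src_context_buffer)` and sending `check_changes_in_range()` out of bounds, it would also be worth guarding the bound explicitly right after the assignment, e.g. `ok(context_length <= sizeof(src_context_buffer), "context_length %lu too large\n", context_length);`, so a future regression fails loudly instead of producing an out-of-bounds read and flaky results.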