ntoskrnl.exe: Make IoAllocateIrp not crash on negative values.

Signed-off-by: Bernhard Übelacker <bernhardu@vr-web.de> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

ntoskrnl.exe: Make IoAllocateIrp not crash on negative values.
64aec5d8 · Bernhard Übelacker · Alexandre Julliard · 376daa91 · 64aec5d8
Commit 64aec5d8 authored Mar 29, 2016 by Bernhard Übelacker Committed by Alexandre Julliard Apr 12, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 2 deletions

ntoskrnl.c dlls/ntoskrnl.exe/ntoskrnl.c +7 -2

No files found.
--- a/dlls/ntoskrnl.exe/ntoskrnl.c
+++ b/dlls/ntoskrnl.exe/ntoskrnl.c
@@ -592,15 +592,20 @@ PIRP WINAPI IoAllocateIrp( CCHAR stack_size, BOOLEAN charge_quota )
 {
    SIZE_T size;
    PIRP irp;
+    CCHAR loc_count = stack_size;

    TRACE( "%d, %d\n", stack_size, charge_quota );

-    size = sizeof(IRP) + stack_size * sizeof(IO_STACK_LOCATION);
+    if (loc_count < 8 && loc_count != 1)
+        loc_count = 8;
+
+    size = sizeof(IRP) + loc_count * sizeof(IO_STACK_LOCATION);
    irp = ExAllocatePool( NonPagedPool, size );
    if (irp == NULL)
        return NULL;
    IoInitializeIrp( irp, size, stack_size );
-    irp->AllocationFlags = IRP_ALLOCATED_FIXED_SIZE;
+    if (stack_size >= 1 && stack_size <= 8)
+        irp->AllocationFlags = IRP_ALLOCATED_FIXED_SIZE;
    if (charge_quota)
        irp->AllocationFlags |= IRP_LOOKASIDE_ALLOCATION;
    return irp;