Commit 7ba9dea9 authored by Jinoh Kang, committed by Alexandre Julliard

ntdll/tests: Fix incorrect calculation of context length in test_copy_context().

`(BYTE *)dst_ex - (BYTE *)dst` is the size of the legacy context, but `dst_ex->All` already contains the legacy context. Therefore, `context_length` has the legacy context size added *twice*. This becomes a problem when `context_length` exceeds `sizeof(src_context_buffer)`. This confuses `check_changes_in_range()`, causing an out-of-bounds read and unpredictable test results.
parent 3995ff24
...@@ -11952,7 +11952,7 @@ static void test_copy_context(void) ...@@ -11952,7 +11952,7 @@ static void test_copy_context(void)
*(DWORD *)((BYTE *)dst + flags_offset) = 0; *(DWORD *)((BYTE *)dst + flags_offset) = 0;
*(DWORD *)((BYTE *)src + flags_offset) = 0; *(DWORD *)((BYTE *)src + flags_offset) = 0;
context_length = (BYTE *)dst_ex - (BYTE *)dst + dst_ex->All.Length; context_length = dst_ex->All.Length;
if (flags & 0x40) if (flags & 0x40)
{ {
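Review bot: the corrected `context_length = dst_ex->All.Length;` relies on `dst_ex->All` spanning from the start of the legacy context (as the commit message states), but nothing in this hunk guards the computed length against the buffer size, and the over-count this fixes already caused out-of-bounds reads in `check_changes_in_range()` with unpredictable results. Consider adding an explicit check such as `ok(context_length <= sizeof(src_context_buffer), "unexpected context length %lu\n", context_length);` immediately after the assignment and before the `if (flags & 0x40)` branch, so that any future miscalculation fails the test loudly instead of silently reading past the buffer.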