https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f562f9c5c629cba3f370f078d12c2f13a997c8f2

commit f562f9c5c629cba3f370f078d12c2f13a997c8f2
Author:     Victor Perevertkin <[email protected]>
AuthorDate: Mon Sep 7 04:57:17 2020 +0300
Commit:     Victor Perevertkin <[email protected]>
CommitDate: Mon Sep 7 04:57:17 2020 +0300

    [NTOS:IO] Fix IRP stack location check in IoForwardIrpSynchronously
    We are doing IoCallDriver here, so the valid stack location should be
    CurrentLocation <= Irp->StackCount (just a check for a completely incorrect value)
    && CurrentLocation > 1 (ensure that we have a place for another call)
    
    CORE-17189
    
    Co-authored-by: Thomas Faber <[email protected]>
---
 ntoskrnl/io/iomgr/irp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ntoskrnl/io/iomgr/irp.c b/ntoskrnl/io/iomgr/irp.c
index 1b19d49e9a4..2de843975e0 100644
--- a/ntoskrnl/io/iomgr/irp.c
+++ b/ntoskrnl/io/iomgr/irp.c
@@ -1629,7 +1629,7 @@ IoForwardIrpSynchronously(IN PDEVICE_OBJECT DeviceObject,
     NTSTATUS Status;
 
     /* Check if next stack location is available */
-    if (Irp->CurrentLocation < Irp->StackCount)
+    if (Irp->CurrentLocation > Irp->StackCount || Irp->CurrentLocation <= 1)
     {
         /* No more stack location */
         return FALSE;
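
Review bot: The comments around the new condition in IoForwardIrpSynchronously no longer match it: "Check if next stack location is available" and "No more stack location" describe only the `Irp->CurrentLocation <= 1` half, while `Irp->CurrentLocation > Irp->StackCount` is the sanity check for a completely incorrect value that the commit message mentions. Suggest rewording the comment to name both cases (out-of-range location, and no room for another IoCallDriver), so the upper-bound test is not later mistaken for redundant and removed. Both cases also return the same FALSE, so a caller cannot tell an invalid CurrentLocation from an exhausted stack; consider whether the out-of-range case deserves a debug assertion in addition to the early return.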
