Fix potential buffer overflow

The buffer allocation in FdoQueryDeviceRelations() is completely bogus. Fix
it.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>

diff --git a/src/xenvif/fdo.c b/src/xenvif/fdo.c
index b903b091623f5987c2cb041bccbe584ad3038977..aabc9c12318a3170837e741a4efce348019c1da1 100644 (file)
--- a/src/xenvif/fdo.c
+++ b/src/xenvif/fdo.c
@@ -1632,7 +1632,7 @@ FdoQueryDeviceRelations(
          ListEntry = ListEntry->Flink)
         Count++;
 
-    Size = FIELD_OFFSET(DEVICE_RELATIONS, Objects) + (sizeof (DEVICE_OBJECT) * __min(Count, 1));
+    Size = FIELD_OFFSET(DEVICE_RELATIONS, Objects) + (sizeof (PDEVICE_OBJECT) * __max(Count, 1));
 
     Relations = ExAllocatePoolWithTag(PagedPool, Size, 'FIV');