From 0d26bbf4b5c63ff58bd0e229753b6ff185e128cb Mon Sep 17 00:00:00 2001
From: Thomas Faber <thomas.faber@reactos.org>
Date: Sun, 29 Dec 2019 15:10:37 +0100
Subject: [PATCH] [INCLUDE] Safely handle odd & large lengths in
 ProbeAndCaptureUnicodeString.

---
 sdk/include/reactos/probe.h | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/sdk/include/reactos/probe.h b/sdk/include/reactos/probe.h
index 0aac83f065f..16ee4bd6e38 100644
--- a/sdk/include/reactos/probe.h
+++ b/sdk/include/reactos/probe.h
@@ -180,7 +180,18 @@ ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest,
 
                     /* Set it as the buffer */
                     Dest->Buffer = Buffer;
-                    Dest->MaximumLength = Dest->Length + sizeof(WCHAR);
+                    if (Dest->Length % sizeof(WCHAR))
+                    {
+                        Dest->Length--;
+                    }
+                    if (Dest->Length >= UNICODE_STRING_MAX_BYTES)
+                    {
+                        Dest->MaximumLength = Dest->Length;
+                    }
+                    else
+                    {
+                        Dest->MaximumLength = Dest->Length + sizeof(WCHAR);
+                    }
                 }
                 else
                 {