From 5d5e9c848646fac0b502e59bce19fb4db882bbff Mon Sep 17 00:00:00 2001
From: Bartosz Brachaczek <b.brachaczek@gmail.com>
Date: Sun, 31 Mar 2019 11:27:16 +0200
Subject: [PATCH] [NTOSKRNL] Don't overflow backtrack stack buffer

CORE-15902
---
 ntoskrnl/fsrtl/dbcsname.c | 2 +-
 ntoskrnl/fsrtl/name.c     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ntoskrnl/fsrtl/dbcsname.c b/ntoskrnl/fsrtl/dbcsname.c
index 306c5474b2f..d44fde9cc0d 100644
--- a/ntoskrnl/fsrtl/dbcsname.c
+++ b/ntoskrnl/fsrtl/dbcsname.c
@@ -283,7 +283,7 @@ FsRtlIsDbcsInExpression(IN PANSI_STRING Expression,
                 }
 
                 /* If buffer too small */
-                if (BackTrackingPosition > BackTrackingBufferSize - 2)
+                if (BackTrackingPosition > BackTrackingBufferSize - 3)
                 {
                     /* We should only ever get here once! */
                     ASSERT(AllocatedBuffer == NULL);
diff --git a/ntoskrnl/fsrtl/name.c b/ntoskrnl/fsrtl/name.c
index a6f0c004b7f..393815ffef5 100644
--- a/ntoskrnl/fsrtl/name.c
+++ b/ntoskrnl/fsrtl/name.c
@@ -135,7 +135,7 @@ FsRtlIsNameInExpressionPrivate(IN PUNICODE_STRING Expression,
                 }
 
                 /* If buffer too small */
-                if (BackTrackingPosition > BackTrackingBufferSize - 2)
+                if (BackTrackingPosition > BackTrackingBufferSize - 3)
                 {
                     /* We should only ever get here once! */
                     ASSERT(AllocatedBuffer == NULL);