From d8695eee1e92a7f2bdcdbc638d1372fcb8fe1a5e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herm=C3=A8s=20B=C3=A9lusca-Ma=C3=AFto?=
Date: Tue, 22 Aug 2023 20:41:02 +0200
Subject: [PATCH] [NTOS:MM] Add missing validation of Ordinal in MiLocateExportName (#4918)

---
 ntoskrnl/mm/ARM3/sysldr.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ntoskrnl/mm/ARM3/sysldr.c b/ntoskrnl/mm/ARM3/sysldr.c
index 89f394bddb5..c5f42ca582d 100644
--- a/ntoskrnl/mm/ARM3/sysldr.c
+++ b/ntoskrnl/mm/ARM3/sysldr.c
@@ -304,6 +304,9 @@ MiLocateExportName(IN PVOID DllBase,
 /* Check if we couldn't find it */
 if (Ordinal == -1) return NULL;
 
+ /* Validate the ordinal */
+ if (Ordinal >= ExportDirectory->NumberOfFunctions) return NULL;
+
 /* Resolve the address and write it */
 ExportTable = (PULONG)((ULONG_PTR)DllBase +
 ExportDirectory->AddressOfFunctions);
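Review bot: The added bounds check `Ordinal >= ExportDirectory->NumberOfFunctions` compares a value that the context line above tests against `-1` with the unsigned `NumberOfFunctions` field, so rejecting negative values depends on the implicit conversion to unsigned. Ordinal's declaration is outside the hunk, so its signedness is inferred; if it is signed, state the intent with `if ((ULONG)Ordinal >= ExportDirectory->NumberOfFunctions) return NULL;`. The comment could also say why the check exists, e.g. `/* Validate the ordinal: it must be a valid index into the export address table */`, given that Ordinal is presumably used to index `ExportTable` after the hunk. The check bounds only the index: the `AddressOfFunctions` RVA added to `DllBase` on the following lines is still taken from the image as-is, and whether it is checked against the image size elsewhere is not visible here. MiLocateExportName's body starts and ends outside the hunk.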