From: "Gabriel Ivăncescu" <gabrielopcode@gmail.com>
Subject: [PATCH resend 07/12] iphlpapi: Make sure there's no gap between the ICMP_ECHO_REPLY array and the data.
Message-Id: <5c839327ad4bc514bd47f5379d7bd2a040446b58.1606139119.git.gabrielopcode@gmail.com>
Date: Mon, 23 Nov 2020 15:47:44 +0200
In-Reply-To: <b6fa2018ec68aadd49c701b34e338b9b1107ee72.1606139119.git.gabrielopcode@gmail.com>
References: <b6fa2018ec68aadd49c701b34e338b9b1107ee72.1606139119.git.gabrielopcode@gmail.com>

Signed-off-by: Gabriel Ivăncescu <gabrielopcode@gmail.com>
---
 dlls/iphlpapi/icmp.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/dlls/iphlpapi/icmp.c b/dlls/iphlpapi/icmp.c
index 79fd35f..d59bb4b 100644
--- a/dlls/iphlpapi/icmp.c
+++ b/dlls/iphlpapi/icmp.c
@@ -309,6 +309,25 @@ static DWORD icmp_get_reply(int sid, unsigned char *buffer, DWORD send_time, voi
     if (res==0)
         SetLastError(IP_REQ_TIMED_OUT);
 done:
+    if (res)
+    {
+        /* Move the data so there's no gap between it and the ICMP_ECHO_REPLY array */
+        DWORD gap_size = endbuf - (char*)ier;
+
+        if (gap_size)
+        {
+            memmove(ier, endbuf, ((char*)reply_buf + reply_size) - endbuf);
+
+            /* Fix the pointers */
+            while (ier-- != reply_buf)
+            {
+                ier->Data = (char*)ier->Data - gap_size;
+                if (ier->Options.OptionsData)
+                    ier->Options.OptionsData -= gap_size;
+            }
+        }
+    }
+
     HeapFree(GetProcessHeap(), 0, buffer);
     TRACE("received %d replies\n",res);
     return res;

-- 
2.21.0