Skip to content

W
wine-winehq
Commit 6d3b3aab authored by Rémi Bernon's avatar Rémi Bernon Committed by Alexandre Julliard
Browse files
Options

winebus.sys: Initialize last_report length and buffer.

Fixes a regression from e9c3c494 where although we use the last report length, it was only initialized after the first corresponding report was received. Calling HidD_GetInputReport before that could cause a buffer overlow and report invalid data. Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=52068Signed-off-by: 's avatarRémi Bernon <rbernon@codeweavers.com> Signed-off-by: 's avatarAlexandre Julliard <julliard@winehq.org>
parent 598efc65
Hide whitespace changes
Inline Side-by-side
Showing with 7 additions and 3 deletions
dlls/winebus.sys/main.c
View file @ 6d3b3aab
......@@ -444,8 +444,6 @@ static void process_hid_report(DEVICE_OBJECT *device, BYTE *report_buf, DWORD re
if (!ext->collection_desc.ReportIDs[0].ReportID) last_report = ext->last_reports[0];
else last_report = ext->last_reports[report_buf[0]];
last_report->length = report_len;
memcpy(last_report->buffer, report_buf, report_len);
if ((irp = pop_pending_read(ext)))
......@@ -861,7 +859,13 @@ static NTSTATUS pdo_pnp_dispatch(DEVICE_OBJECT *device, IRP *irp)
{
if (!(size = reports[i].InputLength)) continue;
size = offsetof( struct hid_report, buffer[size] );
if (!(ext->last_reports[reports[i].ReportID] = RtlAllocateHeap(GetProcessHeap(), 0, size))) status = STATUS_NO_MEMORY;
if (!(report = RtlAllocateHeap(GetProcessHeap(), HEAP_ZERO_MEMORY, size))) status = STATUS_NO_MEMORY;
else
{
report->length = reports[i].InputLength;
report->buffer[0] = reports[i].ReportID;
ext->last_reports[reports[i].ReportID] = report;
}
}
if (!status) ext->state = DEVICE_STATE_STARTED;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment