Commit e9945156 authored by Alexander Morozov's avatar Alexander Morozov Committed by Alexandre Julliard

ntoskrnl.exe: Initialize some IRP fields to prevent using bad pointers by IofCompleteRequest.

parent c47d0715
...@@ -153,6 +153,7 @@ static NTSTATUS process_ioctl( DEVICE_OBJECT *device, ULONG code, void *in_buff, ...@@ -153,6 +153,7 @@ static NTSTATUS process_ioctl( DEVICE_OBJECT *device, ULONG code, void *in_buff,
irp.UserBuffer = out_buff; irp.UserBuffer = out_buff;
irp.MdlAddress = &mdl; irp.MdlAddress = &mdl;
irp.Tail.Overlay.s.u.CurrentStackLocation = &irpsp; irp.Tail.Overlay.s.u.CurrentStackLocation = &irpsp;
irp.UserIosb = NULL;
irpsp.MajorFunction = IRP_MJ_DEVICE_CONTROL; irpsp.MajorFunction = IRP_MJ_DEVICE_CONTROL;
irpsp.Parameters.DeviceIoControl.OutputBufferLength = *out_size; irpsp.Parameters.DeviceIoControl.OutputBufferLength = *out_size;
...@@ -160,6 +161,7 @@ static NTSTATUS process_ioctl( DEVICE_OBJECT *device, ULONG code, void *in_buff, ...@@ -160,6 +161,7 @@ static NTSTATUS process_ioctl( DEVICE_OBJECT *device, ULONG code, void *in_buff,
irpsp.Parameters.DeviceIoControl.IoControlCode = code; irpsp.Parameters.DeviceIoControl.IoControlCode = code;
irpsp.Parameters.DeviceIoControl.Type3InputBuffer = in_buff; irpsp.Parameters.DeviceIoControl.Type3InputBuffer = in_buff;
irpsp.DeviceObject = device; irpsp.DeviceObject = device;
irpsp.CompletionRoutine = NULL;
mdl.Next = NULL; mdl.Next = NULL;
mdl.Size = 0; mdl.Size = 0;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment