On 17.10.2015 14:52, Marcus Meissner wrote:
1327477 Wrong sizeof argument
Signed-off-by: Marcus Meissner <marcus@jet.franken.de>
dlls/hidclass.sys/device.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dlls/hidclass.sys/device.c b/dlls/hidclass.sys/device.c index e7e7e11..dcc7d3c 100644 --- a/dlls/hidclass.sys/device.c +++ b/dlls/hidclass.sys/device.c @@ -277,7 +277,7 @@ static DWORD CALLBACK hid_device_thread(void *args) packet->reportId = 0;
irp = IoBuildDeviceIoControlRequest(IOCTL_HID_GET_INPUT_REPORT,
device, NULL, 0, packet, sizeof(packet), TRUE, events[0],
device, NULL, 0, packet, sizeof(*packet)+ext->preparseData->caps.InputReportByteLength, TRUE, events[0], &irp_status); irpsp = IoGetNextIrpStackLocation(irp);
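Review bot: In the IoBuildDeviceIoControlRequest call, the new output length sizeof(*packet)+ext->preparseData->caps.InputReportByteLength is only safe if the memory that packet points to was allocated with at least that many bytes, and the hunk does not show that allocation. The old sizeof(packet) was the size of a pointer, so switching to sizeof(*packet) is correct, but the added InputReportByteLength term should be checked against the allocation site, or the report data should be passed through its own buffer, before this goes in. Minor style point: put spaces around the + in the length expression.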
This looks wrong, you have to allocate a separate buffer, and then copy it (like in the code below). I don't know why some of these buffers are HEAP_ZERO_MEMORY though, and others not? Adding Aric, he might want to review this part again, especially since Coverity detected more issues in this code (unnecessary assignment of "rc" for example).