On Sat, Oct 17, 2015 at 03:31:24PM +0200, Sebastian Lackner wrote:
On 17.10.2015 14:52, Marcus Meissner wrote:
1327477 Wrong sizeof argument
Signed-off-by: Marcus Meissner marcus@jet.franken.de
dlls/hidclass.sys/device.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dlls/hidclass.sys/device.c b/dlls/hidclass.sys/device.c index e7e7e11..dcc7d3c 100644 --- a/dlls/hidclass.sys/device.c +++ b/dlls/hidclass.sys/device.c @@ -277,7 +277,7 @@ static DWORD CALLBACK hid_device_thread(void *args) packet->reportId = 0;
irp = IoBuildDeviceIoControlRequest(IOCTL_HID_GET_INPUT_REPORT,
device, NULL, 0, packet, sizeof(packet), TRUE, events[0],
device, NULL, 0, packet, sizeof(*packet)+ext->preparseData->caps.InputReportByteLength, TRUE, events[0], &irp_status); irpsp = IoGetNextIrpStackLocation(irp);This looks wrong, you have to allocate a separate buffer, and then copy it (like in the code below). I don't know why some of these buffers are HEAP_ZERO_MEMORY though, and others not? Adding Aric, he might want to review this part again, especially since Coverity detected more issues in this code (unnecessary assignment of "rc" for example).
something seems wrong though here, yes.
rc issue is "CID 1327478 Unused value"
Ciao, Marcus