[PATCH] hidclass.sys: fixed size passed IOCTL_HID_GET_INPUT_REPORT (Coverity)
marcus at jet.franken.de
Sat Oct 17 08:34:19 CDT 2015
On Sat, Oct 17, 2015 at 03:31:24PM +0200, Sebastian Lackner wrote:
> On 17.10.2015 14:52, Marcus Meissner wrote:
> > 1327477 Wrong sizeof argument
> > Signed-off-by: Marcus Meissner <marcus at jet.franken.de>
> > ---
> > dlls/hidclass.sys/device.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> > diff --git a/dlls/hidclass.sys/device.c b/dlls/hidclass.sys/device.c
> > index e7e7e11..dcc7d3c 100644
> > --- a/dlls/hidclass.sys/device.c
> > +++ b/dlls/hidclass.sys/device.c
> > @@ -277,7 +277,7 @@ static DWORD CALLBACK hid_device_thread(void *args)
> > packet->reportId = 0;
> > irp = IoBuildDeviceIoControlRequest(IOCTL_HID_GET_INPUT_REPORT,
> > - device, NULL, 0, packet, sizeof(packet), TRUE, events,
> > + device, NULL, 0, packet, sizeof(*packet)+ext->preparseData->caps.InputReportByteLength, TRUE, events,
> > &irp_status);
> > irpsp = IoGetNextIrpStackLocation(irp);
> This looks wrong, you have to allocate a separate buffer, and then copy it (like in the code below).
> I don't know why some of these buffers are HEAP_ZERO_MEMORY though, and others not? Adding Aric, he
> might want to review this part again, especially since Coverity detected more issues in this code
> (unnecessary assignment of "rc" for example).
something seems wrong though here, yes.
rc issue is "CID 1327478 Unused value"
More information about the wine-devel