ntoskrnl.exe: Initialize some IRP fields to prevent using bad pointers by IofCompleteRequest.
Alexander Morozov
amorozov at etersoft.ru
Thu Oct 16 03:08:58 CDT 2008
This fixes the regression reported in Bug 15551.
-------------- next part --------------
From 77ff35b10b22c75416690306c85d59e6af0f9b25 Mon Sep 17 00:00:00 2001
From: Alexander Morozov <amorozov at etersoft.ru>
Date: Thu, 16 Oct 2008 12:06:23 +0400
Subject: [PATCH] ntoskrnl.exe: Initialize some IRP fields to prevent using bad pointers by IofCompleteRequest.
---
dlls/ntoskrnl.exe/ntoskrnl.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c
index 1ed3040..4a20d5e 100644
--- a/dlls/ntoskrnl.exe/ntoskrnl.c
+++ b/dlls/ntoskrnl.exe/ntoskrnl.c
@@ -153,6 +153,7 @@ static NTSTATUS process_ioctl( DEVICE_OBJECT *device, ULONG code, void *in_buff,
irp.UserBuffer = out_buff;
irp.MdlAddress = &mdl;
irp.Tail.Overlay.s.u.CurrentStackLocation = &irpsp;
+ irp.UserIosb = NULL;
irpsp.MajorFunction = IRP_MJ_DEVICE_CONTROL;
irpsp.Parameters.DeviceIoControl.OutputBufferLength = *out_size;
@@ -160,6 +161,7 @@ static NTSTATUS process_ioctl( DEVICE_OBJECT *device, ULONG code, void *in_buff,
irpsp.Parameters.DeviceIoControl.IoControlCode = code;
irpsp.Parameters.DeviceIoControl.Type3InputBuffer = in_buff;
irpsp.DeviceObject = device;
+ irpsp.CompletionRoutine = NULL;
mdl.Next = NULL;
mdl.Size = 0;
--
1.5.6.5.GIT
More information about the wine-patches
mailing list