[3/3] hidclass.sys: Fix memory leak in hid_device_thread.

Aric Stewart aric at codeweavers.com
Wed Oct 26 16:15:45 CDT 2016


Signed-off-by: Aric Stewart <aric at codeweavers.com>

On 10/26/16 2:55 PM, Sebastian Lackner wrote:
> Signed-off-by: Sebastian Lackner <sebastian at fds-team.de>
> ---
> 
> This patch also sets packet->reportBufferLen in the IOCTL_HID_READ_REPORT case.
> (In case the returned buffer was smaller than expected)
> 
>  dlls/hidclass.sys/device.c |   26 ++++++++------------------
>  1 file changed, 8 insertions(+), 18 deletions(-)
> 
> diff --git a/dlls/hidclass.sys/device.c b/dlls/hidclass.sys/device.c
> index 9640af2..5039e95 100644
> --- a/dlls/hidclass.sys/device.c
> +++ b/dlls/hidclass.sys/device.c
> @@ -256,6 +256,7 @@ static DWORD CALLBACK hid_device_thread(void *args)
>  
>      IRP *irp;
>      IO_STATUS_BLOCK irp_status;
> +    HID_XFER_PACKET *packet;
>      DWORD rc;
>      HANDLE events[2];
>      NTSTATUS ntrc;
> @@ -264,16 +265,16 @@ static DWORD CALLBACK hid_device_thread(void *args)
>      events[0] = CreateEventA(NULL, TRUE, FALSE, NULL);
>      events[1] = ext->halt_event;
>  
> +    packet = HeapAlloc(GetProcessHeap(), 0, sizeof(*packet) + ext->preparseData->caps.InputReportByteLength);
> +    packet->reportBuffer = (BYTE *)packet + sizeof(*packet);
> +
>      if (ext->information.Polled)
>      {
>          while(1)
>          {
> -            HID_XFER_PACKET *packet;
>              ResetEvent(events[0]);
>  
> -            packet = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*packet) + ext->preparseData->caps.InputReportByteLength);
>              packet->reportBufferLen = ext->preparseData->caps.InputReportByteLength;
> -            packet->reportBuffer = ((BYTE*)packet) + sizeof(*packet);
>              packet->reportId = 0;
>  
>              irp = IoBuildDeviceIoControlRequest(IOCTL_HID_GET_INPUT_REPORT,
> @@ -306,22 +307,12 @@ static DWORD CALLBACK hid_device_thread(void *args)
>      {
>          INT exit_now = FALSE;
>  
> -        HID_XFER_PACKET *packet;
> -        packet = HeapAlloc(GetProcessHeap(), 0, sizeof(*packet) + ext->preparseData->caps.InputReportByteLength);
> -        packet->reportBufferLen = ext->preparseData->caps.InputReportByteLength;
> -        packet->reportBuffer = ((BYTE*)packet) + sizeof(*packet);
> -        packet->reportId = 0;
> -
>          while(1)
>          {
> -            BYTE *buffer;
> -
> -            buffer = HeapAlloc(GetProcessHeap(), 0, ext->preparseData->caps.InputReportByteLength);
> -
>              ResetEvent(events[0]);
>  
>              irp = IoBuildDeviceIoControlRequest(IOCTL_HID_READ_REPORT,
> -                device, NULL, 0, buffer,
> +                device, NULL, 0, packet->reportBuffer,
>                  ext->preparseData->caps.InputReportByteLength, TRUE, NULL,
>                  &irp_status);
>  
> @@ -339,8 +330,8 @@ static DWORD CALLBACK hid_device_thread(void *args)
>  
>              if (!exit_now && irp->IoStatus.u.Status == STATUS_SUCCESS)
>              {
> -                packet->reportId = buffer[0];
> -                memcpy(packet->reportBuffer, buffer, ext->preparseData->caps.InputReportByteLength);
> +                packet->reportBufferLen = irp->IoStatus.Information;
> +                packet->reportId = packet->reportBuffer[0];
>                  RingBuffer_Write(ext->ring_buffer, packet);
>                  HID_Device_processQueue(device);
>              }
> @@ -350,10 +341,9 @@ static DWORD CALLBACK hid_device_thread(void *args)
>              if (exit_now)
>                  break;
>          }
> -
> -        HeapFree(GetProcessHeap(), 0, packet);
>      }
>  
> +    /* FIXME: releasing packet requires IRP cancellation support */
>      CloseHandle(events[0]);
>  
>      TRACE("Device thread exiting\n");
> 



More information about the wine-patches mailing list