[3/3] hidclass.sys: Fix memory leak in hid_device_thread.
Aric Stewart
aric at codeweavers.com
Wed Oct 26 16:15:45 CDT 2016
Signed-off-by: Aric Stewart <aric at codeweavers.com>
On 10/26/16 2:55 PM, Sebastian Lackner wrote:
> Signed-off-by: Sebastian Lackner <sebastian at fds-team.de>
> ---
>
> This patch also sets packet->reportBufferLen in the IOCTL_HID_READ_REPORT case.
> (In case the returned buffer was smaller than expected)
>
> dlls/hidclass.sys/device.c | 26 ++++++++------------------
> 1 file changed, 8 insertions(+), 18 deletions(-)
>
> diff --git a/dlls/hidclass.sys/device.c b/dlls/hidclass.sys/device.c
> index 9640af2..5039e95 100644
> --- a/dlls/hidclass.sys/device.c
> +++ b/dlls/hidclass.sys/device.c
> @@ -256,6 +256,7 @@ static DWORD CALLBACK hid_device_thread(void *args)
>
> IRP *irp;
> IO_STATUS_BLOCK irp_status;
> + HID_XFER_PACKET *packet;
> DWORD rc;
> HANDLE events[2];
> NTSTATUS ntrc;
> @@ -264,16 +265,16 @@ static DWORD CALLBACK hid_device_thread(void *args)
> events[0] = CreateEventA(NULL, TRUE, FALSE, NULL);
> events[1] = ext->halt_event;
>
> + packet = HeapAlloc(GetProcessHeap(), 0, sizeof(*packet) + ext->preparseData->caps.InputReportByteLength);
> + packet->reportBuffer = (BYTE *)packet + sizeof(*packet);
> +
> if (ext->information.Polled)
> {
> while(1)
> {
> - HID_XFER_PACKET *packet;
> ResetEvent(events[0]);
>
> - packet = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*packet) + ext->preparseData->caps.InputReportByteLength);
> packet->reportBufferLen = ext->preparseData->caps.InputReportByteLength;
> - packet->reportBuffer = ((BYTE*)packet) + sizeof(*packet);
> packet->reportId = 0;
>
> irp = IoBuildDeviceIoControlRequest(IOCTL_HID_GET_INPUT_REPORT,
> @@ -306,22 +307,12 @@ static DWORD CALLBACK hid_device_thread(void *args)
> {
> INT exit_now = FALSE;
>
> - HID_XFER_PACKET *packet;
> - packet = HeapAlloc(GetProcessHeap(), 0, sizeof(*packet) + ext->preparseData->caps.InputReportByteLength);
> - packet->reportBufferLen = ext->preparseData->caps.InputReportByteLength;
> - packet->reportBuffer = ((BYTE*)packet) + sizeof(*packet);
> - packet->reportId = 0;
> -
> while(1)
> {
> - BYTE *buffer;
> -
> - buffer = HeapAlloc(GetProcessHeap(), 0, ext->preparseData->caps.InputReportByteLength);
> -
> ResetEvent(events[0]);
>
> irp = IoBuildDeviceIoControlRequest(IOCTL_HID_READ_REPORT,
> - device, NULL, 0, buffer,
> + device, NULL, 0, packet->reportBuffer,
> ext->preparseData->caps.InputReportByteLength, TRUE, NULL,
> &irp_status);
>
> @@ -339,8 +330,8 @@ static DWORD CALLBACK hid_device_thread(void *args)
>
> if (!exit_now && irp->IoStatus.u.Status == STATUS_SUCCESS)
> {
> - packet->reportId = buffer[0];
> - memcpy(packet->reportBuffer, buffer, ext->preparseData->caps.InputReportByteLength);
> + packet->reportBufferLen = irp->IoStatus.Information;
> + packet->reportId = packet->reportBuffer[0];
> RingBuffer_Write(ext->ring_buffer, packet);
> HID_Device_processQueue(device);
> }
> @@ -350,10 +341,9 @@ static DWORD CALLBACK hid_device_thread(void *args)
> if (exit_now)
> break;
> }
> -
> - HeapFree(GetProcessHeap(), 0, packet);
> }
>
> + /* FIXME: releasing packet requires IRP cancellation support */
> CloseHandle(events[0]);
>
> TRACE("Device thread exiting\n");
>
More information about the wine-patches
mailing list