[USBSTOR]
authorThomas Faber <thomas.faber@reactos.org>
Fri, 31 Mar 2017 09:02:43 +0000 (09:02 +0000)
committerThomas Faber <thomas.faber@reactos.org>
Fri, 31 Mar 2017 09:02:43 +0000 (09:02 +0000)
- Addendum to r73892: Don't free the output buffer on success in USBSTOR_SendIrp. Spotted (again) by curiousone
CORE-12970 #resolve

svn path=/trunk/; revision=74245

reactos/drivers/usb/usbstor/pdo.c

index b741542..d684ef3 100644 (file)
@@ -40,7 +40,7 @@ USBSTOR_GetDeviceType(
 
     //
     // FIXME: use constant - derived from http://en.wikipedia.org/wiki/SCSI_Peripheral_Device_Type
 
     //
     // FIXME: use constant - derived from http://en.wikipedia.org/wiki/SCSI_Peripheral_Device_Type
-    // 
+    //
     switch (InquiryData->DeviceType)
     {
         case 1:
     switch (InquiryData->DeviceType)
     {
         case 1:
@@ -114,7 +114,7 @@ USBSTOR_GetGenericType(
 
     //
     // FIXME: use constant - derived from http://en.wikipedia.org/wiki/SCSI_Peripheral_Device_Type
 
     //
     // FIXME: use constant - derived from http://en.wikipedia.org/wiki/SCSI_Peripheral_Device_Type
-    // 
+    //
     switch (InquiryData->DeviceType)
     {
         case 1:
     switch (InquiryData->DeviceType)
     {
         case 1:
@@ -628,7 +628,7 @@ USBSTOR_PdoHandleQueryCompatibleId(
         Irp->IoStatus.Information = 0;
         return STATUS_INSUFFICIENT_RESOURCES;
     }
         Irp->IoStatus.Information = 0;
         return STATUS_INSUFFICIENT_RESOURCES;
     }
+
     USBSTOR_ConvertToUnicodeString(Buffer, Length, 0, InstanceId, &Offset);
     USBSTOR_ConvertToUnicodeString(&Buffer[Offset], Length, Offset, InstanceId, &Offset);
 
     USBSTOR_ConvertToUnicodeString(Buffer, Length, 0, InstanceId, &Offset);
     USBSTOR_ConvertToUnicodeString(&Buffer[Offset], Length, Offset, InstanceId, &Offset);
 
@@ -701,7 +701,7 @@ USBSTOR_PdoHandleQueryInstanceId(
         Irp->IoStatus.Information = 0;
         return STATUS_INSUFFICIENT_RESOURCES;
     }
         Irp->IoStatus.Information = 0;
         return STATUS_INSUFFICIENT_RESOURCES;
     }
+
     //
     // copy instance id
     //
     //
     // copy instance id
     //
@@ -1170,11 +1170,18 @@ USBSTOR_SendIrp(
         //
         *OutData = Request->DataBuffer;
     }
         //
         *OutData = Request->DataBuffer;
     }
+    else
+    {
+        //
+        // free the data
+        //
+        ExFreePoolWithTag(Request->DataBuffer, USB_STOR_TAG);
+        *OutData = NULL;
+    }
 
     //
     // free resources
     //
 
     //
     // free resources
     //
-    ExFreePoolWithTag(Request->DataBuffer, USB_STOR_TAG);
     ExFreePoolWithTag(Request, USB_STOR_TAG);
     IoFreeIrp(Irp);
     return Status;
     ExFreePoolWithTag(Request, USB_STOR_TAG);
     IoFreeIrp(Irp);
     return Status;
@@ -1215,7 +1222,7 @@ USBSTOR_SendInquiryIrp(
     DPRINT1("Reserved %p\n", Response->Reserved);
     DPRINT1("Vendor %c%c%c%c%c%c%c%c\n", Response->Vendor[0], Response->Vendor[1], Response->Vendor[2], Response->Vendor[3], Response->Vendor[4], Response->Vendor[5], Response->Vendor[6], Response->Vendor[7]);
     DPRINT1("Product %c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c\n", Response->Product[0], Response->Product[1], Response->Product[2], Response->Product[3],
     DPRINT1("Reserved %p\n", Response->Reserved);
     DPRINT1("Vendor %c%c%c%c%c%c%c%c\n", Response->Vendor[0], Response->Vendor[1], Response->Vendor[2], Response->Vendor[3], Response->Vendor[4], Response->Vendor[5], Response->Vendor[6], Response->Vendor[7]);
     DPRINT1("Product %c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c\n", Response->Product[0], Response->Product[1], Response->Product[2], Response->Product[3],
-                                                          Response->Product[4], Response->Product[5], Response->Product[6], Response->Product[7], 
+                                                          Response->Product[4], Response->Product[5], Response->Product[6], Response->Product[7],
                                                           Response->Product[8], Response->Product[9], Response->Product[10], Response->Product[11],
                                                           Response->Product[12], Response->Product[13], Response->Product[14], Response->Product[15]);
 
                                                           Response->Product[8], Response->Product[9], Response->Product[10], Response->Product[11],
                                                           Response->Product[12], Response->Product[13], Response->Product[14], Response->Product[15]);