- Fix a buffer overrun that caused a BSOD with ACPI enabled on Hyper-V
- Dynamically allocate the hardware ID buffer to prevent another HID overrun
- Switched sprintf to snprintf to prevent this from happening to another ID
svn path=/trunk/; revision=63344
char *uid = NULL;
ACPI_PNP_DEVICE_ID_LIST *cid_list = NULL;
int i = 0;
char *uid = NULL;
ACPI_PNP_DEVICE_ID_LIST *cid_list = NULL;
int i = 0;
- char static_uid_buffer[5];
+ acpi_unique_id static_uid_buffer;
if (!child)
return_VALUE(AE_BAD_PARAMETER);
if (!child)
return_VALUE(AE_BAD_PARAMETER);
*/
switch (type) {
case ACPI_BUS_TYPE_SYSTEM:
*/
switch (type) {
case ACPI_BUS_TYPE_SYSTEM:
- sprintf(device->pnp.bus_id, "%s", "ACPI");
+ snprintf(device->pnp.bus_id, sizeof(device->pnp.bus_id), "%s", "ACPI");
break;
case ACPI_BUS_TYPE_POWER_BUTTONF:
case ACPI_BUS_TYPE_POWER_BUTTON:
break;
case ACPI_BUS_TYPE_POWER_BUTTONF:
case ACPI_BUS_TYPE_POWER_BUTTON:
- sprintf(device->pnp.bus_id, "%s", "PWRF");
+ snprintf(device->pnp.bus_id, sizeof(device->pnp.bus_id), "%s", "PWRF");
break;
case ACPI_BUS_TYPE_SLEEP_BUTTONF:
case ACPI_BUS_TYPE_SLEEP_BUTTON:
break;
case ACPI_BUS_TYPE_SLEEP_BUTTONF:
case ACPI_BUS_TYPE_SLEEP_BUTTON:
- sprintf(device->pnp.bus_id, "%s", "SLPF");
+ snprintf(device->pnp.bus_id, sizeof(device->pnp.bus_id), "%s", "SLPF");
break;
default:
buffer.Length = sizeof(bus_id);
break;
default:
buffer.Length = sizeof(bus_id);
- sprintf(device->pnp.bus_id, "%s", bus_id);
+ snprintf(device->pnp.bus_id, sizeof(device->pnp.bus_id), "%s", bus_id);
buffer.Pointer = NULL;
/* HACK: Skip HPET */
buffer.Pointer = NULL;
/* HACK: Skip HPET */
case ACPI_BUS_TYPE_POWER:
hid = ACPI_POWER_HID;
uid = static_uid_buffer;
case ACPI_BUS_TYPE_POWER:
hid = ACPI_POWER_HID;
uid = static_uid_buffer;
- sprintf(uid, "%d", (PowerDeviceCount++));
+ snprintf(uid, sizeof(static_uid_buffer), "%d", (PowerDeviceCount++));
break;
case ACPI_BUS_TYPE_PROCESSOR:
hid = ACPI_PROCESSOR_HID;
uid = static_uid_buffer;
break;
case ACPI_BUS_TYPE_PROCESSOR:
hid = ACPI_PROCESSOR_HID;
uid = static_uid_buffer;
- sprintf(uid, "_%d", (ProcessorCount++));
+ snprintf(uid, sizeof(static_uid_buffer), "_%d", (ProcessorCount++));
break;
case ACPI_BUS_TYPE_SYSTEM:
hid = ACPI_SYSTEM_HID;
break;
case ACPI_BUS_TYPE_SYSTEM:
hid = ACPI_SYSTEM_HID;
case ACPI_BUS_TYPE_THERMAL:
hid = ACPI_THERMAL_HID;
uid = static_uid_buffer;
case ACPI_BUS_TYPE_THERMAL:
hid = ACPI_THERMAL_HID;
uid = static_uid_buffer;
- sprintf(uid, "%d", (ThermalZoneCount++));
+ snprintf(uid, sizeof(static_uid_buffer), "%d", (ThermalZoneCount++));
break;
case ACPI_BUS_TYPE_POWER_BUTTON:
hid = ACPI_BUTTON_HID_POWER;
uid = static_uid_buffer;
break;
case ACPI_BUS_TYPE_POWER_BUTTON:
hid = ACPI_BUTTON_HID_POWER;
uid = static_uid_buffer;
- sprintf(uid, "%d", (PowerButtonCount++));
+ snprintf(uid, sizeof(static_uid_buffer), "%d", (PowerButtonCount++));
break;
case ACPI_BUS_TYPE_POWER_BUTTONF:
hid = ACPI_BUTTON_HID_POWERF;
uid = static_uid_buffer;
break;
case ACPI_BUS_TYPE_POWER_BUTTONF:
hid = ACPI_BUTTON_HID_POWERF;
uid = static_uid_buffer;
- sprintf(uid, "%d", (FixedPowerButtonCount++));
+ snprintf(uid, sizeof(static_uid_buffer), "%d", (FixedPowerButtonCount++));
break;
case ACPI_BUS_TYPE_SLEEP_BUTTON:
hid = ACPI_BUTTON_HID_SLEEP;
uid = static_uid_buffer;
break;
case ACPI_BUS_TYPE_SLEEP_BUTTON:
hid = ACPI_BUTTON_HID_SLEEP;
uid = static_uid_buffer;
- sprintf(uid, "%d", (SleepButtonCount++));
+ snprintf(uid, sizeof(static_uid_buffer), "%d", (SleepButtonCount++));
break;
case ACPI_BUS_TYPE_SLEEP_BUTTONF:
hid = ACPI_BUTTON_HID_SLEEPF;
uid = static_uid_buffer;
break;
case ACPI_BUS_TYPE_SLEEP_BUTTONF:
hid = ACPI_BUTTON_HID_SLEEPF;
uid = static_uid_buffer;
- sprintf(uid, "%d", (FixedSleepButtonCount++));
+ snprintf(uid, sizeof(static_uid_buffer), "%d", (FixedSleepButtonCount++));
*/
if (((ACPI_HANDLE)parent == ACPI_ROOT_OBJECT) && (type == ACPI_BUS_TYPE_DEVICE)) {
hid = ACPI_BUS_HID;
*/
if (((ACPI_HANDLE)parent == ACPI_ROOT_OBJECT) && (type == ACPI_BUS_TYPE_DEVICE)) {
hid = ACPI_BUS_HID;
- sprintf(device->pnp.device_name, "%s", ACPI_BUS_DEVICE_NAME);
- sprintf(device->pnp.device_class, "%s", ACPI_BUS_CLASS);
+ snprintf(device->pnp.device_name, sizeof(device->pnp.device_name), "%s", ACPI_BUS_DEVICE_NAME);
+ snprintf(device->pnp.device_class, sizeof(device->pnp.device_class), "%s", ACPI_BUS_CLASS);
- sprintf(device->pnp.hardware_id, "%s", hid);
- device->flags.hardware_id = 1;
+ device->pnp.hardware_id = ExAllocatePoolWithTag(NonPagedPool, strlen(hid) + 1, 'IPCA');
+ if (device->pnp.hardware_id) {
+ snprintf(device->pnp.hardware_id, strlen(hid) + 1, "%s", hid);
+ device->flags.hardware_id = 1;
+ }
- sprintf(device->pnp.unique_id, "%s", uid);
+ snprintf(device->pnp.unique_id, sizeof(device->pnp.unique_id), "%s", uid);
device->flags.unique_id = 1;
}
device->flags.unique_id = 1;
}
if (device->pnp.cid_list) {
ExFreePoolWithTag(device->pnp.cid_list, 'IPCA');
}
if (device->pnp.cid_list) {
ExFreePoolWithTag(device->pnp.cid_list, 'IPCA');
}
+ if (device->pnp.hardware_id) {
+ ExFreePoolWithTag(device->pnp.hardware_id, 'IPCA');
+ }
ExFreePoolWithTag(device, 'IPCA');
return_VALUE(result);
}
ExFreePoolWithTag(device, 'IPCA');
return_VALUE(result);
}
acpi_device_unregister(device);
acpi_device_unregister(device);
- if (device && device->pnp.cid_list)
+ if (device->pnp.cid_list)
ExFreePoolWithTag(device->pnp.cid_list, 'IPCA');
ExFreePoolWithTag(device->pnp.cid_list, 'IPCA');
+ if (device->pnp.hardware_id)
+ ExFreePoolWithTag(device->pnp.hardware_id, 'IPCA');
+
if (device)
ExFreePoolWithTag(device, 'IPCA');
if (device)
ExFreePoolWithTag(device, 'IPCA');
-typedef char acpi_bus_id[20];
+typedef char acpi_bus_id[8];
typedef unsigned long acpi_bus_address;
typedef unsigned long acpi_bus_address;
-typedef char acpi_hardware_id[20];
-typedef char acpi_unique_id[20];
+typedef char *acpi_hardware_id;
+typedef char acpi_unique_id[9];
typedef char acpi_device_name[40];
typedef char acpi_device_class[20];
typedef char acpi_device_name[40];
typedef char acpi_device_class[20];
projects / reactos.git / commitdiff