[USBPORT] Avoid a benign integer overflow in USBHI_QueryDeviceInformation (CID 1419219).

author Thomas Faber <thomas.faber@reactos.org>

Wed, 11 Oct 2017 15:59:43 +0000 (17:59 +0200)

committer Thomas Faber <ThFabba@users.noreply.github.com>

Fri, 13 Oct 2017 21:36:29 +0000 (23:36 +0200)
author Thomas Faber <thomas.faber@reactos.org>
Wed, 11 Oct 2017 15:59:43 +0000 (17:59 +0200)
committer Thomas Faber <ThFabba@users.noreply.github.com>
Fri, 13 Oct 2017 21:36:29 +0000 (23:36 +0200)
diff --git a/drivers/usb/usbport/iface.c b/drivers/usb/usbport/iface.c

index 39f42e7..4e56811 100644 (file)
--- a/drivers/usb/usbport/iface.c
+++ b/drivers/usb/usbport/iface.c
@@ -211,8 +211,8 @@ USBHI_QueryDeviceInformation(IN PVOID BusContext,
          }
      }
  
-    ActualLength = sizeof(USB_DEVICE_INFORMATION_0) + 
-                   (NumberOfOpenPipes - 1) * sizeof(USB_PIPE_INFORMATION_0);
+    ActualLength = FIELD_OFFSET(USB_DEVICE_INFORMATION_0, PipeList) + 
+                   NumberOfOpenPipes * sizeof(USB_PIPE_INFORMATION_0);
  
      if (DeviceInfoBufferLen < ActualLength)
      {
author	Thomas Faber <thomas.faber@reactos.org>
	Wed, 11 Oct 2017 15:59:43 +0000 (17:59 +0200)
committer	Thomas Faber <ThFabba@users.noreply.github.com>
	Fri, 13 Oct 2017 21:36:29 +0000 (23:36 +0200)