- Use the correct offset of ROOTHUB2_CONFIGURATION_DESCRIPTOR and ROOTHUB2_INTERFACE_DESCRIPTOR to calculate needed buffer sizes. Fixes a buffer overflow crash.
svn path=/trunk/; revision=47845
USB_POOL_TAG);
RootHubDevice->Configs[0] = ExAllocatePoolWithTag(NonPagedPool,
- sizeof(USB_CONFIGURATION) + sizeof(PVOID) * ROOTHUB2_CONFIGURATION_DESCRIPTOR[5],
+ sizeof(USB_CONFIGURATION) + sizeof(PVOID) * ROOTHUB2_CONFIGURATION_DESCRIPTOR[4],
USB_POOL_TAG);
RootHubDevice->Configs[0]->Interfaces[0] = ExAllocatePoolWithTag(NonPagedPool,
- sizeof(USB_INTERFACE) + sizeof(PVOID) * ROOTHUB2_INTERFACE_DESCRIPTOR[3],
+ sizeof(USB_INTERFACE) + sizeof(PVOID) * ROOTHUB2_INTERFACE_DESCRIPTOR[4],
USB_POOL_TAG);
RootHubDevice->Configs[0]->Interfaces[0]->EndPoints[0] = ExAllocatePoolWithTag(NonPagedPool,