projects / reactos.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: c3b4cac)
[usbehci]
authorMichael Martin <michael.martin@reactos.org>
Fri, 25 Jun 2010 15:50:26 +0000 (15:50 +0000)
committerMichael Martin <michael.martin@reactos.org>
Fri, 25 Jun 2010 15:50:26 +0000 (15:50 +0000)
- Use the correct offset of ROOTHUB2_CONFIGURATION_DESCRIPTOR and ROOTHUB2_INTERFACE_DESCRIPTOR to calculate needed buffer sizes. Fixes a buffer overflow crash.

svn path=/trunk/; revision=47845

reactos/drivers/usb/usbehci/pdo.c patch | blob | history

diff --git a/reactos/drivers/usb/usbehci/pdo.c b/reactos/drivers/usb/usbehci/pdo.c
index cf84911..d0cf307 100644 (file)
--- a/reactos/drivers/usb/usbehci/pdo.c
+++ b/reactos/drivers/usb/usbehci/pdo.c
@@ -394,11 +394,11 @@ PdoDispatchPnp(
                                                             USB_POOL_TAG);
 
             RootHubDevice->Configs[0] = ExAllocatePoolWithTag(NonPagedPool,
-                                                            sizeof(USB_CONFIGURATION) + sizeof(PVOID) * ROOTHUB2_CONFIGURATION_DESCRIPTOR[5],
+                                                            sizeof(USB_CONFIGURATION) + sizeof(PVOID) * ROOTHUB2_CONFIGURATION_DESCRIPTOR[4],
                                                             USB_POOL_TAG);
 
             RootHubDevice->Configs[0]->Interfaces[0] = ExAllocatePoolWithTag(NonPagedPool,
-                                                            sizeof(USB_INTERFACE) + sizeof(PVOID) * ROOTHUB2_INTERFACE_DESCRIPTOR[3],
+                                                            sizeof(USB_INTERFACE) + sizeof(PVOID) * ROOTHUB2_INTERFACE_DESCRIPTOR[4],
                                                             USB_POOL_TAG);
 
             RootHubDevice->Configs[0]->Interfaces[0]->EndPoints[0] = ExAllocatePoolWithTag(NonPagedPool,
A free Windows-compatible Operating System