From 34de8c3bdb32b86148319b2d982ae69d37149e1f Mon Sep 17 00:00:00 2001
From: Thomas Faber <thomas.faber@reactos.org>
Date: Fri, 31 Mar 2017 09:02:43 +0000
Subject: [PATCH] [USBSTOR] - Addendum to r73892: Don't free the output buffer
 on success in USBSTOR_SendIrp. Spotted (again) by curiousone CORE-12970
 #resolve

svn path=/trunk/; revision=74245
---
 reactos/drivers/usb/usbstor/pdo.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/reactos/drivers/usb/usbstor/pdo.c b/reactos/drivers/usb/usbstor/pdo.c
index b741542d2b7..d684ef32b63 100644
--- a/reactos/drivers/usb/usbstor/pdo.c
+++ b/reactos/drivers/usb/usbstor/pdo.c
@@ -40,7 +40,7 @@ USBSTOR_GetDeviceType(
 
     //
     // FIXME: use constant - derived from http://en.wikipedia.org/wiki/SCSI_Peripheral_Device_Type
-    // 
+    //
     switch (InquiryData->DeviceType)
     {
         case 1:
@@ -114,7 +114,7 @@ USBSTOR_GetGenericType(
 
     //
     // FIXME: use constant - derived from http://en.wikipedia.org/wiki/SCSI_Peripheral_Device_Type
-    // 
+    //
     switch (InquiryData->DeviceType)
     {
         case 1:
@@ -628,7 +628,7 @@ USBSTOR_PdoHandleQueryCompatibleId(
         Irp->IoStatus.Information = 0;
         return STATUS_INSUFFICIENT_RESOURCES;
     }
- 
+
     USBSTOR_ConvertToUnicodeString(Buffer, Length, 0, InstanceId, &Offset);
     USBSTOR_ConvertToUnicodeString(&Buffer[Offset], Length, Offset, InstanceId, &Offset);
 
@@ -701,7 +701,7 @@ USBSTOR_PdoHandleQueryInstanceId(
         Irp->IoStatus.Information = 0;
         return STATUS_INSUFFICIENT_RESOURCES;
     }
- 
+
     //
     // copy instance id
     //
@@ -1170,11 +1170,18 @@ USBSTOR_SendIrp(
         //
         *OutData = Request->DataBuffer;
     }
+    else
+    {
+        //
+        // free the data
+        //
+        ExFreePoolWithTag(Request->DataBuffer, USB_STOR_TAG);
+        *OutData = NULL;
+    }
 
     //
     // free resources
     //
-    ExFreePoolWithTag(Request->DataBuffer, USB_STOR_TAG);
     ExFreePoolWithTag(Request, USB_STOR_TAG);
     IoFreeIrp(Irp);
     return Status;
@@ -1215,7 +1222,7 @@ USBSTOR_SendInquiryIrp(
     DPRINT1("Reserved %p\n", Response->Reserved);
     DPRINT1("Vendor %c%c%c%c%c%c%c%c\n", Response->Vendor[0], Response->Vendor[1], Response->Vendor[2], Response->Vendor[3], Response->Vendor[4], Response->Vendor[5], Response->Vendor[6], Response->Vendor[7]);
     DPRINT1("Product %c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c\n", Response->Product[0], Response->Product[1], Response->Product[2], Response->Product[3],
-                                                          Response->Product[4], Response->Product[5], Response->Product[6], Response->Product[7], 
+                                                          Response->Product[4], Response->Product[5], Response->Product[6], Response->Product[7],
                                                           Response->Product[8], Response->Product[9], Response->Product[10], Response->Product[11],
                                                           Response->Product[12], Response->Product[13], Response->Product[14], Response->Product[15]);
 
-- 
2.17.1