On 2017-02-13 23:38, ekohl(a)svn.reactos.org wrote:
+ _SEH2_TRY
+ {
+ Relations = RelationsData->Relations;
+ BufferSize = RelationsData->BufferSize;
+ Buffer = RelationsData->Buffer;
+
+ ProbeForWrite(RelationsData->Buffer,
+ RelationsData->BufferSize,
+ sizeof(CHAR));
+ }
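Review bot: The ProbeForWrite call at the end of the try block reads RelationsData->Buffer and RelationsData->BufferSize a second time instead of using the values just captured. The range that gets probed can therefore differ from the range used afterwards if the caller changes the structure in between. Probe the captured copies, i.e. ProbeForWrite(Buffer, BufferSize, sizeof(CHAR)), and refer only to the locals after this block.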
You need to use the local 'Buffer' and 'BufferSize' variables in the
probe or you get a race condition.
+ Status = IopInitiatePnpIrp(DeviceObject,
+ &IoStatusBlock,
+ IRP_MN_QUERY_DEVICE_RELATIONS,
+ &Stack);
+ if (!NT_SUCCESS(Status) || Status == STATUS_PENDING)
+ {
+ DPRINT1("IopInitiatePnpIrp() failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
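Review bot: In the check after IopInitiatePnpIrp, Status == STATUS_PENDING is treated and logged as a failure, although pending is not an error status and the call was handed &IoStatusBlock and &Stack by address. If the call can return while the request is still outstanding, wait for completion before jumping to done. If it cannot, drop the STATUS_PENDING test so the condition and the DPRINT1 text match what is actually handled.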
Failing on STATUS_PENDING seems broken. IoStatusBlock will go out of
scope and the DeviceRelations set by the driver will be leaked.
+ if (RequiredSize > 0)
+ RequiredSize += sizeof(WCHAR);
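Review bot: The if (RequiredSize > 0) guard needs a comment stating what the extra sizeof(WCHAR) accounts for and why a size of zero is left unchanged. From these two lines alone a reader cannot tell whether an empty result is meant to report zero bytes or should still reserve room for a terminator. If zero is intentional, say so at the guard.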
Not sure I understand the >0 condition.
Best,
Thomas