From: ion(a)svn.reactos.com
Remove all non-official LPC structures/defines/hardcoded
hacks, and use actual correct sizes and structures.
This breaks a simple boot.
ntoskrnl/include/internal/port.h previously defined QUEUEDMESSAGE as:
typedef struct _QUEUEDMESSAGE
{
    PEPORT Sender;
    LIST_ENTRY QueueListEntry;
    PORT_MESSAGE Message;
    UCHAR MessageData [MAX_MESSAGE_DATA];
} QUEUEDMESSAGE, *PQUEUEDMESSAGE;
r17417 removed the MessageData member.
Now in ntoskrnl/lpc/reply.c function EiReplyOrRequestPort() line 52:
memcpy(&MessageReply->Message, LpcReply, LpcReply->u1.s1.TotalLength);
writes outside allocated memory (MessageReply is a PQUEUEDMESSAGE,
LpcReply->u1.s1.TotalLength is 292). This causes a subsequent ExFreePool to
generate a page fault.
Gé van Geldorp.
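Added example, not ReactOS code and not part of this thread: a user-mode model of the overrun described above. The structures are simplified stand-ins for PORT_MESSAGE and QUEUEDMESSAGE (LIST_ENTRY and the rest of the message header are omitted, MAX_MESSAGE_DATA is a constructed value), and copy_reply_checked() is a hypothetical bounded replacement for the unchecked memcpy in EiReplyOrRequestPort().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define MAX_MESSAGE_DATA 0x130  /* constructed value; the real define is in port.h */
#define REPLY_TOTAL_LENGTH 292  /* TotalLength reported in the bug report */

/* Simplified stand-in for PORT_MESSAGE: only the length fields are modelled. */
typedef struct _PORT_MESSAGE {
    struct { struct { uint16_t DataLength; uint16_t TotalLength; } s1; } u1;
} PORT_MESSAGE;

/* Before r17417: MessageData gives the copy room to land in. */
typedef struct _QUEUEDMESSAGE_OLD {
    void *Sender;
    PORT_MESSAGE Message;
    unsigned char MessageData[MAX_MESSAGE_DATA];
} QUEUEDMESSAGE_OLD;

/* After r17417: Message is the last member; nothing follows it. */
typedef struct _QUEUEDMESSAGE_NEW {
    void *Sender;
    PORT_MESSAGE Message;
} QUEUEDMESSAGE_NEW;

/* Guarded version of the memcpy in EiReplyOrRequestPort(): copies only when
 * the whole message fits in dest_room bytes. Returns 1 on success, 0 on refusal. */
int copy_reply_checked(void *dest, size_t dest_room, const PORT_MESSAGE *reply) {
    size_t total = reply->u1.s1.TotalLength;
    if (total < sizeof(PORT_MESSAGE) || total > dest_room)
        return 0;               /* would write outside the allocation */
    memcpy(dest, reply, total);
    return 1;
}

/* Attempts the copy into a QUEUEDMESSAGE of the given size/layout using a
 * constructed 292-byte reply. Returns 1 if accepted, 0 if refused, -1 on OOM. */
int try_copy_into(size_t alloc_size, size_t message_offset) {
    union { PORT_MESSAGE hdr; unsigned char raw[REPLY_TOTAL_LENGTH]; } reply = {0};
    reply.hdr.u1.s1.DataLength = REPLY_TOTAL_LENGTH - sizeof(PORT_MESSAGE);
    reply.hdr.u1.s1.TotalLength = REPLY_TOTAL_LENGTH;
    unsigned char *queued = calloc(1, alloc_size);
    if (!queued) return -1;
    size_t room = alloc_size > message_offset ? alloc_size - message_offset : 0;
    int ok = copy_reply_checked(queued + message_offset, room, &reply.hdr);
    free(queued);
    return ok;
}
```

With the old layout the 292-byte reply is accepted; with the post-r17417 layout the same copy is refused instead of running past the end of the pool block.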