RE: [ros-svn] [ion] 17417: Remove all non-official LPCstructures/defines/hardcoded hacks, and use actual correct sizes and structures.
17 Aug
2005
17 Aug
'05
4:38 p.m.
From: ion(a)svn.reactos.com
Remove all non-official LPC structures/defines/hardcoded
hacks, and use actual correct sizes and structures.
This breaks a simple boot.
ntoskrnl/include/internal/port.h previously defined QUEUEDMESSAGE as:
typedef struct _QUEUEDMESSAGE
{
PEPORT Sender;
LIST_ENTRY QueueListEntry;
PORT_MESSAGE Message;
UCHAR MessageData [MAX_MESSAGE_DATA];
} QUEUEDMESSAGE, *PQUEUEDMESSAGE;
r17417 removed the MessageData member.
Now in ntoskrnl/lpc/reply.c function EiReplyOrRequestPort() line 52:
memcpy(&MessageReply->Message, LpcReply, LpcReply->u1.s1.TotalLength);
writes outside allocated memory (MessageReply is a PQUEUEDMESSAGE,
LpcReply->u1.s1.TotalLength is 292). This causes a subsequent ExFreePool to
generate a page fault.
Gé van Geldorp.
6973
days inactive
6973
days old
0 comments
1 participants
participants (1)
-
Ge van Geldorp