https://git.reactos.org/?p=reactos.git;a=commitdiff;h=d96b3cd45c888d7e37c92…
commit d96b3cd45c888d7e37c9207dbb44321fc47bfec9
Author: Oleg Dubinskiy <oleg.dubinskij30(a)gmail.com>
AuthorDate: Fri Oct 6 12:36:09 2023 +0200
Commit: GitHub <noreply(a)github.com>
CommitDate: Fri Oct 6 12:36:09 2023 +0200
[KS] Fix bug in KsStreamIo (#4663)

Properly set the output buffer length in the IO Stack Location of the current IRP, since it is
passed to KsProbeStreamIrp when calling KsStreamIo, so it fails if the length isn't
set properly.

Don't set an input buffer length and the buffer itself, since it isn't passed
anywhere, so setting it makes no sense. Moreover, MSDN says that for
IOCTL_KS_READ/WRITE_STREAM, only the output buffer (and its length) needs to be set, but
not an input one. So it indeed is more correct.

It fixes a buffer overflow in KsProbeStreamIrp when attempting to perform the streaming
via KsStreamIo. I discovered this bug during my audio refactoring from PR #4660.
---
drivers/ksfilter/ks/irp.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/ksfilter/ks/irp.c b/drivers/ksfilter/ks/irp.c
index ab5d1b21523..91302e67299 100644
--- a/drivers/ksfilter/ks/irp.c
+++ b/drivers/ksfilter/ks/irp.c
@@ -634,8 +634,7 @@ KsStreamIo(
IoStack = IoGetNextIrpStackLocation(Irp);
/* setup stack parameters */
IoStack->FileObject = FileObject;
- IoStack->Parameters.DeviceIoControl.InputBufferLength = Length;
- IoStack->Parameters.DeviceIoControl.Type3InputBuffer = StreamHeaders;
+ IoStack->Parameters.DeviceIoControl.OutputBufferLength = Length;
IoStack->Parameters.DeviceIoControl.IoControlCode = (Flags == KSSTREAM_READ ?
IOCTL_KS_READ_STREAM : IOCTL_KS_WRITE_STREAM);
if (CompletionRoutine)
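Review bot: With the `Type3InputBuffer = StreamHeaders` assignment removed, nothing in this hunk shows how `StreamHeaders` still reaches the next driver, so please confirm (or state in the commit message) that it is carried by a field set outside these lines and that `Length` is the size of that same buffer, because `OutputBufferLength` is now the only size KsProbeStreamIrp has to check against. The `/* setup stack parameters */` comment could also say why only the output length is set for IOCTL_KS_READ_STREAM and IOCTL_KS_WRITE_STREAM, so a later change does not bring the input fields back. Since the commit message describes the old behaviour as a buffer overflow in KsProbeStreamIrp rather than a clean failure, a follow-up that makes KsProbeStreamIrp reject a length inconsistent with the stream headers would turn a caller mistake like this one into a failed IRP instead of an out-of-bounds access.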