Author: mjmartin Date: Fri Jun 25 15:50:26 2010 New Revision: 47845
URL: http://svn.reactos.org/svn/reactos?rev=47845&view=rev Log: [usbehci] - Use the correct offset of ROOTHUB2_CONFIGURATION_DESCRIPTOR and ROOTHUB2_INTERFACE_DESCRIPTOR to calculate needed buffer sizes. Fixes a buffer overflow crash.
Modified: trunk/reactos/drivers/usb/usbehci/pdo.c
Modified: trunk/reactos/drivers/usb/usbehci/pdo.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/usb/usbehci/pdo.c?r... ==============================================================================
--- trunk/reactos/drivers/usb/usbehci/pdo.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/usb/usbehci/pdo.c [iso-8859-1] Fri Jun 25 15:50:26 2010
@@ -394,11 +394,11 @@
USB_POOL_TAG);
RootHubDevice->Configs[0] = ExAllocatePoolWithTag(NonPagedPool,
- sizeof(USB_CONFIGURATION) + sizeof(PVOID) * ROOTHUB2_CONFIGURATION_DESCRIPTOR[5],
+ sizeof(USB_CONFIGURATION) + sizeof(PVOID) * ROOTHUB2_CONFIGURATION_DESCRIPTOR[4],
USB_POOL_TAG);
RootHubDevice->Configs[0]->Interfaces[0] = ExAllocatePoolWithTag(NonPagedPool,
- sizeof(USB_INTERFACE) + sizeof(PVOID) * ROOTHUB2_INTERFACE_DESCRIPTOR[3],
+ sizeof(USB_INTERFACE) + sizeof(PVOID) * ROOTHUB2_INTERFACE_DESCRIPTOR[4],
USB_POOL_TAG);
RootHubDevice->Configs[0]->Interfaces[0]->EndPoints[0] = ExAllocatePoolWithTag(NonPagedPool,
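Review bot: Neither pool allocation in this hunk is checked before use: `RootHubDevice->Configs[0]->Interfaces[0] = ...` dereferences `Configs[0]` straight after `ExAllocatePoolWithTag`, and the `EndPoints[0]` assignment does the same with `Interfaces[0]`, so an allocation failure becomes a kernel-mode NULL dereference. Each result should be tested before the next statement, e.g. `if (!RootHubDevice->Configs[0]) { /* free earlier allocations */ return STATUS_INSUFFICIENT_RESOURCES; }`, assuming the enclosing routine returns an NTSTATUS (its signature is outside the hunk). Separately, the overflow fixed here came from a hand-counted byte offset, and the corrected `[4]` indices are still bare magic numbers that decide an allocation size. If these are byte arrays laid out as standard USB descriptors, as the indexing suggests, reading the counts through the typed structures would make the intent checkable: `((PUSB_CONFIGURATION_DESCRIPTOR)ROOTHUB2_CONFIGURATION_DESCRIPTOR)->bNumInterfaces` and `((PUSB_INTERFACE_DESCRIPTOR)ROOTHUB2_INTERFACE_DESCRIPTOR)->bNumEndpoints`, or at least a comment such as `/* [4] = bNumInterfaces */`. The `EndPoints[0]` allocation continues past the end of the hunk, so its size expression could not be reviewed and may deserve the same check.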