https://git.reactos.org/?p=reactos.git;a=commitdiff;h=606e996e1fcfe9f358a1e7...
commit 606e996e1fcfe9f358a1e77f6da71bfbd845b6c6 Author: Max Korostil mrmks04@yandex.ru AuthorDate: Sun Mar 2 21:07:34 2025 +0300 Commit: GitHub noreply@github.com CommitDate: Sun Mar 2 19:07:34 2025 +0100
[UNIATA] Fix memory corruption if SCSIOP_SERVICE_ACTION16 processed. (#7717)
Reason: the size of `READ_CAPACITY16_DATA` struct in UniATA driver and ReactOS/Windows SDK were not equal.
- In UniATA driver: `sizeof(READ_CAPACITY16_DATA) == 33` (wrong); - In ReactOS/Windows SDK: `sizeof(READ_CAPACITY16_DATA) == 32` (correct).
CORE-19696 --- drivers/storage/ide/uniata/scsi.h | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/drivers/storage/ide/uniata/scsi.h b/drivers/storage/ide/uniata/scsi.h index 9d85cf14d59..9a599114da3 100644 --- a/drivers/storage/ide/uniata/scsi.h +++ b/drivers/storage/ide/uniata/scsi.h @@ -1433,7 +1433,13 @@ typedef struct _READ_CAPACITY16_DATA { UCHAR Prot_EN:1; UCHAR RTO_EN:1; UCHAR Reserved:6; +#ifdef __REACTOS__ + /* In ReactOS SDK sizeof(READ_CAPACITY16_DATA) == 32. + * Fixes CORE-19696 memory corruption on SCSIOP_SERVICE_ACTION16. */ + UCHAR Reserved1[19]; +#else UCHAR Reserved1[20]; +#endif } READ_CAPACITY16_DATA, *PREAD_CAPACITY16_DATA;
// CD ROM Read Table Of Contents (TOC) structures