[vmikayelyan] 72394: hid: hidparser: Fix for CORE-11538. This commit fixes issue https://jira.reactos.org/browse/CORE-11538. There were mistakes in buffer manipulation loops. - Ros-diffs

19 Aug 2016

Author: vmikayelyan
Date: Fri Aug 19 16:57:49 2016
New Revision: 72394

URL: http://svn.reactos.org/svn/reactos?rev=72394&view=rev
Log:
hid: hidparser: Fix for CORE-11538.

This commit fixes issue https://jira.reactos.org/browse/CORE-11538.

There were mistakes in buffer manipulation loops.

Modified:
    branches/GSoC_2016/USB/drivers/hid/hidparse/hidparse.c
    branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/context.c
    branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/hidparser.c
    branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/parser.c

Modified: branches/GSoC_2016/USB/drivers/hid/hidparse/hidparse.c
URL:
http://svn.reactos.org/svn/reactos/branches/GSoC_2016/USB/drivers/hid/hidpa…
==============================================================================

--- branches/GSoC_2016/USB/drivers/hid/hidparse/hidparse.c	[iso-8859-1] (original)
+++ branches/GSoC_2016/USB/drivers/hid/hidparse/hidparse.c	[iso-8859-1] Fri Aug 19
16:57:49 2016
@@ -126,6 +126,29 @@
 }
 
 NTSTATUS
+TranslateStatusForUpperLayer(
+    IN HIDPARSER_STATUS Status)
+{
+    //
+    // now we are handling only this values, for others just return
+    // status as it is.
+    //
+    switch (Status)
+    {
+    case HIDPARSER_STATUS_INSUFFICIENT_RESOURCES:
+        return STATUS_INSUFFICIENT_RESOURCES;
+    case HIDPARSER_STATUS_INVALID_REPORT_TYPE:
+        return HIDP_STATUS_INVALID_REPORT_TYPE;
+    case HIDPARSER_STATUS_BUFFER_TOO_SMALL:
+        return STATUS_BUFFER_TOO_SMALL;
+    case HIDPARSER_STATUS_COLLECTION_NOT_FOUND:
+        return STATUS_NO_DATA_DETECTED;
+    default:
+        return Status;
+    }
+}
+
+NTSTATUS
 NTAPI
 HidP_GetCollectionDescription(
     IN PHIDP_REPORT_DESCRIPTOR ReportDesc,
@@ -134,6 +157,7 @@
     OUT PHIDP_DEVICE_DESC DeviceDescription)
 {
     HID_PARSER Parser;
+    NTSTATUS Status;
 
     //
     // init parser
@@ -143,7 +167,8 @@
     //
     // get description;
     //
-    return HidParser_GetCollectionDescription(&Parser, ReportDesc, DescLength,
PoolType, DeviceDescription);
+    Status = HidParser_GetCollectionDescription(&Parser, ReportDesc, DescLength,
PoolType, DeviceDescription);
+    return TranslateStatusForUpperLayer(Status);
 }
 
 HIDAPI

Modified: branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/context.c
URL:
http://svn.reactos.org/svn/reactos/branches/GSoC_2016/USB/sdk/lib/drivers/h…
==============================================================================
--- branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/context.c	[iso-8859-1] (original)
+++ branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/context.c	[iso-8859-1] Fri Aug 19
16:57:49 2016
@@ -163,7 +163,7 @@
         //
         // store offset
         //
-        TargetCollection->Offsets[Collection->NodeCount + Index] = CurrentOffset;
+        TargetCollection->Offsets[Collection->ReportCount + Index] =
CurrentOffset;
 
         //
         // store sub collections
@@ -254,7 +254,7 @@
         //
         // get collection
         //
-        SubCollection = (PHID_COLLECTION)(CollectionContext->RawData +
Collection->Offsets[Collection->NodeCount + Index]);
+        SubCollection = (PHID_COLLECTION)(CollectionContext->RawData +
Collection->Offsets[Collection->ReportCount + Index]);
 
         //
         // recursively search collection
@@ -314,7 +314,7 @@
         //
         // get offset to sub collection
         //
-        SubCollection = (PHID_COLLECTION)(CollectionContext->RawData +
Collection->Offsets[Collection->NodeCount + Index]);
+        SubCollection = (PHID_COLLECTION)(CollectionContext->RawData +
Collection->Offsets[Collection->ReportCount + Index]);
 
         //
         // count collection for sub nodes

Modified: branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/hidparser.c
URL:
http://svn.reactos.org/svn/reactos/branches/GSoC_2016/USB/sdk/lib/drivers/h…
==============================================================================
--- branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/hidparser.c	[iso-8859-1] (original)
+++ branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/hidparser.c	[iso-8859-1] Fri Aug 19
16:57:49 2016
@@ -68,7 +68,7 @@
         // failed to parse report descriptor
         //
         Parser->Debug("[HIDPARSER] Failed to parse report descriptor with
%x\n", ParserStatus);
-        return TranslateHidParserStatus(ParserStatus);
+        return ParserStatus;
     }
 
     //
@@ -126,7 +126,9 @@
             //
             // no memory
             //
-            return TranslateHidParserStatus(ParserStatus);
+            Parser->Free(DeviceDescription->CollectionDesc);
+            Parser->Free(DeviceDescription->ReportIDs);
+            return ParserStatus;
         }
 
         //
@@ -153,6 +155,13 @@
         // get collection usage page
         //
         ParserStatus =
HidParser_GetCollectionUsagePage((PVOID)DeviceDescription->CollectionDesc[Index].PreparsedData,
&DeviceDescription->CollectionDesc[Index].Usage,
&DeviceDescription->CollectionDesc[Index].UsagePage);
+        if (ParserStatus != HIDPARSER_STATUS_SUCCESS)
+        {
+            // collection not found
+            Parser->Free(DeviceDescription->CollectionDesc);
+            Parser->Free(DeviceDescription->ReportIDs);
+            return ParserStatus;
+        }
 
         //
         // windows seems to prepend the report id, regardless if it is required

Modified: branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/parser.c
URL:
http://svn.reactos.org/svn/reactos/branches/GSoC_2016/USB/sdk/lib/drivers/h…
==============================================================================
--- branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/parser.c	[iso-8859-1] (original)
+++ branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/parser.c	[iso-8859-1] Fri Aug 19
16:57:49 2016
@@ -712,30 +712,6 @@
     //
     return HIDPARSER_STATUS_SUCCESS;
 }
-
-HIDPARSER_STATUS
-AllocateParserContext(
-    IN PHID_PARSER Parser,
-    OUT PHID_PARSER_CONTEXT *OutParserContext)
-{
-    PHID_PARSER_CONTEXT ParserContext;
-
-    ParserContext = Parser->Alloc(sizeof(HID_PARSER_CONTEXT));
-    if (!ParserContext)
-    {
-        //
-        // failed
-        //
-        return HIDPARSER_STATUS_INSUFFICIENT_RESOURCES;
-    }
-
-    //
-    // store result
-    //
-    *OutParserContext = ParserContext;
-    return HIDPARSER_STATUS_SUCCESS;
-}
-
 
 HIDPARSER_STATUS
 HidParser_ParseReportDescriptor(
@@ -760,12 +736,18 @@
     PMAIN_ITEM_DATA MainItemData;
     PHID_PARSER_CONTEXT ParserContext;
 
+    CurrentOffset = ReportDescriptor;
+    ReportEnd = ReportDescriptor + ReportLength;
+
+    if (ReportDescriptor >= ReportEnd)
+        return HIDPARSER_STATUS_COLLECTION_NOT_FOUND;
+
     //
     // allocate parser
     //
-    Status = AllocateParserContext(Parser, &ParserContext);
-    if (Status != HIDPARSER_STATUS_SUCCESS)
-        return Status;
+    ParserContext = Parser->Alloc(sizeof(HID_PARSER_CONTEXT));;
+    if (!ParserContext)
+        return HIDPARSER_STATUS_INSUFFICIENT_RESOURCES;
 
 
     //
@@ -778,6 +760,7 @@
         //
         // no memory
         //
+        Parser->Free(ParserContext);
         return HIDPARSER_STATUS_INSUFFICIENT_RESOURCES;
     }
 
@@ -792,6 +775,7 @@
         //
         Parser->Free(ParserContext->LocalItemState.UsageStack);
         ParserContext->LocalItemState.UsageStack = NULL;
+        Parser->Free(ParserContext);
         return HIDPARSER_STATUS_INSUFFICIENT_RESOURCES;
     }
 
@@ -799,8 +783,6 @@
     // start parsing
     //
     CurrentCollection = ParserContext->RootCollection;
-    CurrentOffset = ReportDescriptor;
-    ReportEnd = ReportDescriptor + ReportLength;
 
     do
     {
@@ -1230,8 +1212,7 @@
         //
         CurrentOffset += CurrentItemSize + sizeof(ITEM_PREFIX);
 
-
-    }while(CurrentOffset < ReportEnd);
+    }while (CurrentOffset < ReportEnd);
 
 
     //



    