Author: mjmartin Date: Fri Jan 16 08:33:45 2009 New Revision: 38790 URL: http://svn.reactos.org/svn/reactos?rev=38790&view=rev Log: - create.c: All instances of a pipe must be the same pipe mode as when first instance was created. Clients start of in byte stream mode, regardless of the pipe's mode. - finfo.c: NPFS does not allow changing read mode to message for byte stream mode pipes. - rw.c: The format in which data is in the pipe's buffer is based on the pipe mode vice read mode. Implement reads in byte stream mode for pipes using message mode. Fixed a bug that could caused buffer data to be corrupted due to incorrect calc of WritePtr position. - fsctrl.c: Return buffer from NpfsPeekPipe if caller requested. Use a mutex before reading the pipe's buffer. Return the correct length in Irp info. Modified: trunk/reactos/drivers/filesystems/npfs/create.c trunk/reactos/drivers/filesystems/npfs/finfo.c trunk/reactos/drivers/filesystems/npfs/fsctrl.c trunk/reactos/drivers/filesystems/npfs/rw.c Modified: trunk/reactos/drivers/filesystems/npfs/create.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/npfs/c… ============================================================================== --- trunk/reactos/drivers/filesystems/npfs/create.c [iso-8859-1] (original) +++ trunk/reactos/drivers/filesystems/npfs/create.c [iso-8859-1] Fri Jan 16 08:33:45 2009 @@ -373,9 +373,9 @@ return STATUS_INSTANCE_NOT_AVAILABLE; } - /* FIXME: Check pipe modes also! */ if (Fcb->MaximumInstances != Buffer->MaximumInstances || - Fcb->TimeOut.QuadPart != Buffer->DefaultTimeout.QuadPart) + Fcb->TimeOut.QuadPart != Buffer->DefaultTimeout.QuadPart || + Fcb->PipeType != Buffer->NamedPipeType) { DPRINT("Asked for invalid pipe mode.\n"); ExFreePool(Ccb); @@ -388,6 +388,7 @@ { NewPipe = TRUE; Fcb = ExAllocatePool(NonPagedPool, sizeof(NPFS_FCB)); + if (Fcb == NULL) { KeUnlockMutex(&DeviceExt->PipeListLock); @@ -420,8 +421,11 @@ KeInitializeMutex(&Fcb->CcbListLock, 0); Fcb->PipeType = Buffer->NamedPipeType; - Fcb->WriteMode = Buffer->ReadMode; - Fcb->ReadMode = Buffer->ReadMode; + /* FIXME: Verify which is correct */ + Fcb->WriteMode = Buffer->ReadMode;//Buffer->NamedPipeType; + /* MSDN documentation read that clients always start off in byte mode */ + Fcb->ReadMode = FILE_PIPE_BYTE_STREAM_MODE; + Fcb->CompletionMode = Buffer->CompletionMode; switch (IoStack->Parameters.CreatePipe.ShareAccess & (FILE_SHARE_READ|FILE_SHARE_WRITE)) { @@ -737,6 +741,10 @@ DPRINT("Client\n"); } + /* Disconnect the pipes */ + if (Ccb->OtherSide) Ccb->OtherSide->OtherSide = NULL; + if (Ccb) Ccb->OtherSide = NULL; + ASSERT(Ccb->PipeState == FILE_PIPE_CLOSING_STATE); FileObject->FsContext2 = NULL; Modified: trunk/reactos/drivers/filesystems/npfs/finfo.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/npfs/f… ============================================================================== --- trunk/reactos/drivers/filesystems/npfs/finfo.c [iso-8859-1] (original) +++ trunk/reactos/drivers/filesystems/npfs/finfo.c [iso-8859-1] Fri Jan 16 08:33:45 2009 @@ -29,6 +29,12 @@ /* Get the Pipe and data */ Fcb = Ccb->Fcb; Request = (PFILE_PIPE_INFORMATION)Info; + + if ((Fcb->PipeType == FILE_PIPE_BYTE_STREAM_MODE) && (Request->ReadMode == FILE_PIPE_MESSAGE_MODE)) + { + DPRINT("Cannot change readmode to message type on a byte type pipe!\n"); + return STATUS_ACCESS_DENIED; + } /* Set Pipe Data */ Fcb->ReadMode = Request->ReadMode; Modified: trunk/reactos/drivers/filesystems/npfs/fsctrl.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/npfs/f… ============================================================================== --- trunk/reactos/drivers/filesystems/npfs/fsctrl.c [iso-8859-1] (original) +++ trunk/reactos/drivers/filesystems/npfs/fsctrl.c [iso-8859-1] Fri Jan 16 08:33:45 2009 @@ -202,7 +202,7 @@ { Server = (Ccb->PipeEnd == FILE_PIPE_SERVER_END); OtherSide = Ccb->OtherSide; - Ccb->OtherSide = NULL; + //Ccb->OtherSide = NULL; Ccb->PipeState = FILE_PIPE_DISCONNECTED_STATE; /* Lock the server first */ if (Server) @@ -216,7 +216,7 @@ ExAcquireFastMutex(&Ccb->DataListLock); } OtherSide->PipeState = FILE_PIPE_DISCONNECTED_STATE; - OtherSide->OtherSide = NULL; + //OtherSide->OtherSide = NULL; /* * Signaling the write event. If is possible that an other * thread waits for an empty buffer. @@ -365,6 +365,7 @@ PIO_STACK_LOCATION IoStack) { ULONG OutputBufferLength; + ULONG ReturnLength = 0; PFILE_PIPE_PEEK_BUFFER Reply; PNPFS_FCB Fcb; PNPFS_CCB Ccb; @@ -396,11 +397,21 @@ Reply->ReadDataAvailable = Ccb->ReadDataAvailable; DPRINT("ReadDataAvailable: %lu\n", Ccb->ReadDataAvailable); - if (Ccb->Fcb->ReadMode == FILE_PIPE_BYTE_STREAM_MODE) + ExAcquireFastMutex(&Ccb->DataListLock); + BufferPtr = Ccb->Data; + DPRINT("BufferPtr = %x\n", BufferPtr); + if (Ccb->Fcb->PipeType == FILE_PIPE_BYTE_STREAM_MODE) { DPRINT("Byte Stream Mode\n"); Reply->MessageLength = Ccb->ReadDataAvailable; - DPRINT("Reply->MessageLength %d\n",Reply->MessageLength ); + DPRINT("Reply->MessageLength %lu\n",Reply->MessageLength ); + MessageCount = 1; + ReturnLength = Ccb->ReadDataAvailable; + + if (Reply->Data[0] && (OutputBufferLength >= ReturnLength + FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[0]))) + { + memcpy(&Reply->Data[0], (PVOID)BufferPtr, Ccb->ReadDataAvailable); + } } else { @@ -410,7 +421,7 @@ if (ReadDataAvailable > 0) { memcpy(&Reply->MessageLength,Ccb->Data,sizeof(ULONG)); - BufferPtr = Ccb->Data; + /* NOTE: Modifying the structure in header file to keep track of NumberOfMessage would be better */ while ((ReadDataAvailable > 0) && (BufferPtr < Ccb->WritePtr)) { @@ -418,34 +429,37 @@ ASSERT(MessageLength > 0); - DPRINT("MessageLength = %d\n",MessageLength); + DPRINT("MessageLength = %lu\n",MessageLength); MessageCount++; ReadDataAvailable -= MessageLength; /* If its the first message, copy the Message if the size of buffer is large enough */ - if ((MessageCount==1) && (Reply->Data[0]) - && (OutputBufferLength >= (sizeof(FILE_PIPE_PEEK_BUFFER) + MessageLength))) + if (MessageCount==1) { - memcpy(&Reply->Data[0], (PVOID)((ULONG)BufferPtr + sizeof(MessageLength)), MessageLength); + ReturnLength = MessageLength; + if ((Reply->Data[0]) + && (OutputBufferLength >= (MessageLength + FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[0])))) + { + memcpy(&Reply->Data[0], (PVOID)((ULONG)BufferPtr + sizeof(MessageLength)), MessageLength); + } } BufferPtr =(PVOID)((ULONG)BufferPtr + MessageLength + sizeof(MessageLength)); - DPRINT("Message %d\n",MessageCount); + DPRINT("BufferPtr = %x\n", BufferPtr); DPRINT("ReadDataAvailable: %lu\n", ReadDataAvailable); } if (ReadDataAvailable != 0) { - DPRINT1("This should never happen! Possible memory corruption.\n"); - return STATUS_UNSUCCESSFUL; + DPRINT1("Possible memory corruption.\n"); + ASSERT(FALSE); } } } + ExReleaseFastMutex(&Ccb->DataListLock); Reply->NumberOfMessages = MessageCount; - if (MessageCount > 0) - Reply->Data[0] = 0; - - Irp->IoStatus.Information = OutputBufferLength; + + Irp->IoStatus.Information = ReturnLength + FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[0]); Irp->IoStatus.Status = STATUS_SUCCESS; Status = STATUS_SUCCESS; Modified: trunk/reactos/drivers/filesystems/npfs/rw.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/npfs/r… ============================================================================== --- trunk/reactos/drivers/filesystems/npfs/rw.c [iso-8859-1] (original) +++ trunk/reactos/drivers/filesystems/npfs/rw.c [iso-8859-1] Fri Jan 16 08:33:45 2009 @@ -16,7 +16,6 @@ /* FUNCTIONS *****************************************************************/ -#ifndef NDEBUG VOID HexDump(PUCHAR Buffer, ULONG Length) { CHAR Line[65]; @@ -42,7 +41,6 @@ } DbgPrint("---------------\n"); } -#endif static DRIVER_CANCEL NpfsReadWriteCancelRoutine; static VOID NTAPI @@ -360,7 +358,6 @@ Irp->RequestorMode, FALSE, NULL); - if ((Status == STATUS_USER_APC) || (Status == STATUS_KERNEL_APC)) { Status = STATUS_CANCELLED; @@ -449,7 +446,7 @@ Irp->RequestorMode, FALSE, NULL); - DPRINT("Finished waiting (%wZ)! Status: %x\n", &Ccb->Fcb->PipeName, Status); + DPRINT("Finished waiting (%wZ)! Status: %x\n", &Ccb->Fcb->PipeName, Status); if ((Status == STATUS_USER_APC) || (Status == STATUS_KERNEL_APC)) { @@ -480,9 +477,11 @@ } } ASSERT(IoGetCurrentIrpStackLocation(Irp)->FileObject != NULL); - if (Ccb->Fcb->ReadMode == FILE_PIPE_BYTE_STREAM_MODE) - { - DPRINT("Byte stream mode\n"); + + /* If the pipe type and read mode are both byte stream */ + if ((Ccb->Fcb->PipeType == FILE_PIPE_BYTE_STREAM_MODE) && (Ccb->Fcb->ReadMode == FILE_PIPE_BYTE_STREAM_MODE)) + { + DPRINT("Byte stream mode: Ccb->Data %x\n", Ccb->Data); /* Byte stream mode */ while (Length > 0 && Ccb->ReadDataAvailable > 0) { @@ -522,115 +521,135 @@ break; } } - else - { - DPRINT("Message mode\n"); - - /* For Message mode, the Message length will be stored in the buffer preceeding the Message. */ - if (Ccb->ReadDataAvailable) - { - ULONG NextMessageLength=0; - //HexDump(Ccb->Data, (ULONG)Ccb->WritePtr - (ULONG)Ccb->Data); - /*First get the size of the message */ - memcpy(&NextMessageLength, Ccb->Data, sizeof(NextMessageLength)); - if ((NextMessageLength == 0) || (NextMessageLength > Ccb->ReadDataAvailable)) + else if (Ccb->Fcb->PipeType == FILE_PIPE_MESSAGE_MODE) + { + ULONG ThisCopyLength = 0; + ULONG TotalLengthNeeded = min(Length, Ccb->ReadDataAvailable); + + DPRINT("Message mode: Ccb>Data %x\n", Ccb->Data); + + do + { + Buffer = (PVOID)((ULONG_PTR)Buffer + ThisCopyLength); + + /* For Message mode, the Message length will be stored in the buffer preceeding the Message. */ + if (Ccb->ReadDataAvailable) { - DPRINT1("This should never happen! Possible memory corruption.\n"); -#ifndef NDEBUG - HexDump(Ccb->Data, (ULONG)Ccb->WritePtr - (ULONG)Ccb->Data); -#endif - ASSERT(FALSE); - } - - /* Use the smaller value */ - - CopyLength = min(NextMessageLength, Length); - - /* retrieve the message from the buffer */ - memcpy(Buffer, (PVOID)((ULONG)Ccb->Data + sizeof(NextMessageLength)), CopyLength); - - - if (Ccb->ReadDataAvailable > CopyLength) - { - if (CopyLength < NextMessageLength) + ULONG NextMessageLength = 0; + + /*First get the size of the message */ + memcpy(&NextMessageLength, Ccb->Data, sizeof(NextMessageLength)); + + if ((NextMessageLength == 0) || (NextMessageLength > Ccb->ReadDataAvailable)) { - /* Client only requested part of the message */ - - /* Calculate the remaining message new size */ - ULONG NewMessageSize = NextMessageLength-CopyLength; - - /* Write a new Message size to buffer for the part of the message still there */ - memcpy(Ccb->Data, &NewMessageSize, sizeof(NewMessageSize)); - - /* Move the memory starting from end of partial Message just retrieved */ - memmove((PVOID)((ULONG_PTR)Ccb->Data + sizeof(NewMessageSize)), - (PVOID)((ULONG_PTR) Ccb->Data + CopyLength + sizeof(NewMessageSize)), - (ULONG)Ccb->WritePtr - ((ULONG)Ccb->Data + sizeof(NewMessageSize)) - CopyLength); - - /* Update the write pointer */ - Ccb->WritePtr = (PVOID)((ULONG)Ccb->WritePtr - CopyLength); - - /* Add CopyLength only to WriteQuotaAvailable as the - Message Size was replaced in the buffer */ - Ccb->WriteQuotaAvailable += CopyLength; + DPRINT("Possible memory corruption.\n"); + HexDump(Ccb->Data, (ULONG_PTR)Ccb->WritePtr - (ULONG_PTR)Ccb->Data); + ASSERT(FALSE); + } + + /* Use the smaller value */ + ThisCopyLength = min(NextMessageLength, Length); + + /* retrieve the message from the buffer */ + memcpy(Buffer, (PVOID)((ULONG_PTR)Ccb->Data + sizeof(NextMessageLength)), ThisCopyLength); + + if (Ccb->ReadDataAvailable > ThisCopyLength) + { + if (ThisCopyLength < NextMessageLength) + { + /* Client only requested part of the message */ + + /* Calculate the remaining message new size */ + ULONG NewMessageSize = NextMessageLength-ThisCopyLength; + + /* Write a new Message size to buffer for the part of the message still there */ + memcpy(Ccb->Data, &NewMessageSize, sizeof(NewMessageSize)); + + /* Move the memory starting from end of partial Message just retrieved */ + memmove((PVOID)((ULONG_PTR)Ccb->Data + sizeof(NewMessageSize)), + (PVOID)((ULONG_PTR)Ccb->Data + ThisCopyLength + sizeof(NewMessageSize)), + (ULONG_PTR)Ccb->WritePtr - ((ULONG_PTR)Ccb->Data + sizeof(NewMessageSize)) - + ThisCopyLength); + + /* Update the write pointer */ + Ccb->WritePtr = (PVOID)((ULONG_PTR)Ccb->WritePtr - ThisCopyLength); + + /* Add ThisCopyLength only to WriteQuotaAvailable as the + Message Size was replaced in the buffer */ + Ccb->WriteQuotaAvailable += ThisCopyLength; + } + else + { + /* Client wanted the entire message */ + + /* Move the memory starting from the next Message just retrieved */ + memmove(Ccb->Data, + (PVOID)((ULONG_PTR) Ccb->Data + NextMessageLength + sizeof(NextMessageLength)), + (ULONG_PTR)Ccb->WritePtr - (ULONG_PTR)Ccb->Data - NextMessageLength - + sizeof(NextMessageLength)); + + /* Update the write pointer */ + Ccb->WritePtr = (PVOID)((ULONG_PTR)Ccb->WritePtr - ThisCopyLength - + sizeof(NextMessageLength)); + + /* Add both the message length and the header to the WriteQuotaAvailable + as they both were removed */ + Ccb->WriteQuotaAvailable += (ThisCopyLength + sizeof(NextMessageLength)); + } } else { - /* Client wanted the entire message */ - - /* Move the memory starting from the next Message just retrieved */ - memmove(Ccb->Data, - (PVOID)((ULONG_PTR) Ccb->Data + NextMessageLength + sizeof(NextMessageLength)), - (ULONG)Ccb->WritePtr - (ULONG)Ccb->Data - NextMessageLength - sizeof(NextMessageLength)); - - /* Update the write pointer */ - Ccb->WritePtr = (PVOID)((ULONG)Ccb->WritePtr - NextMessageLength); + /* This was the last Message, so just zero this messages for safety sake */ + memset(Ccb->Data, 0, NextMessageLength + sizeof(NextMessageLength)); + + /* reset the write pointer to beginning of buffer */ + Ccb->WritePtr = Ccb->Data; /* Add both the message length and the header to the WriteQuotaAvailable as they both were removed */ - Ccb->WriteQuotaAvailable += (CopyLength + sizeof(NextMessageLength)); + Ccb->WriteQuotaAvailable += (ThisCopyLength + sizeof(ULONG)); + + KeResetEvent(&Ccb->ReadEvent); + if (Ccb->PipeState == FILE_PIPE_CONNECTED_STATE) + { + KeSetEvent(&Ccb->OtherSide->WriteEvent, IO_NO_INCREMENT, FALSE); + } } +#ifndef NDEBUG + DPRINT("Length %d Buffer %x\n",ThisCopyLength,Buffer); + HexDump((PUCHAR)Buffer, ThisCopyLength); +#endif + + Information += ThisCopyLength; + + Ccb->ReadDataAvailable -= ThisCopyLength; + + if ((ULONG)Ccb->WriteQuotaAvailable > (ULONG)Ccb->MaxDataLength) ASSERT(FALSE); } - else - { - /* This was the last Message, so just zero this messages for safety sake */ - memset(Ccb->Data,0,NextMessageLength + sizeof(NextMessageLength)); - - /* reset the write pointer to beginning of buffer */ - Ccb->WritePtr = Ccb->Data; - - /* Add both the message length and the header to the WriteQuotaAvailable - as they both were removed */ - Ccb->WriteQuotaAvailable += (CopyLength + sizeof(ULONG)); - - KeResetEvent(&Ccb->ReadEvent); - if (Ccb->PipeState == FILE_PIPE_CONNECTED_STATE) - { - KeSetEvent(&Ccb->OtherSide->WriteEvent, IO_NO_INCREMENT, FALSE); - } - } -#ifndef NDEBUG - DPRINT("Length %d Buffer %x\n",CopyLength,Buffer); - HexDump((PUCHAR)Buffer, CopyLength); -#endif - - Information += CopyLength; - - Ccb->ReadDataAvailable -= CopyLength; - - if ((ULONG)Ccb->WriteQuotaAvailable > (ULONG)Ccb->MaxDataLength) ASSERT(FALSE); - } + + }while ((ThisCopyLength < TotalLengthNeeded) + && (Ccb->Fcb->ReadMode == FILE_PIPE_BYTE_STREAM_MODE) + && (Ccb->ReadDataAvailable)); + if (Information > 0) { break; } + } + else + { + DPRINT1("Unhandled Pipe Mode with Read Mode!\n"); + ASSERT(FALSE); } } Irp->IoStatus.Information = Information; Irp->IoStatus.Status = Status; ASSERT(IoGetCurrentIrpStackLocation(Irp)->FileObject != NULL); + + if (Status == STATUS_CANCELLED) + goto done; if (IoIsOperationSynchronous(Irp)) { @@ -718,15 +737,15 @@ if (Irp->MdlAddress == NULL) { - DPRINT1("Irp->MdlAddress == NULL\n"); + DPRINT("Irp->MdlAddress == NULL\n"); Status = STATUS_UNSUCCESSFUL; Length = 0; goto done; } - if (ReaderCcb == NULL) - { - DPRINT1("Pipe is NOT connected!\n"); + if ((ReaderCcb == NULL) || (Ccb->PipeState != FILE_PIPE_CONNECTED_STATE)) + { + DPRINT("Pipe is NOT connected!\n"); if (Ccb->PipeState == FILE_PIPE_LISTENING_STATE) Status = STATUS_PIPE_LISTENING; else if (Ccb->PipeState == FILE_PIPE_DISCONNECTED_STATE) @@ -739,7 +758,7 @@ if (ReaderCcb->Data == NULL) { - DPRINT1("Pipe is NOT writable!\n"); + DPRINT("Pipe is NOT writable!\n"); Status = STATUS_UNSUCCESSFUL; Length = 0; goto done; @@ -749,6 +768,7 @@ Buffer = MmGetSystemAddressForMdl (Irp->MdlAddress); ExAcquireFastMutex(&ReaderCcb->DataListLock); + #ifndef NDEBUG DPRINT("Length %d Buffer %x Offset %x\n",Length,Buffer,Offset); HexDump(Buffer, Length); @@ -774,7 +794,7 @@ FALSE, NULL); DPRINT("Write Finished waiting (%S)! Status: %x\n", Fcb->PipeName.Buffer, Status); - ExAcquireFastMutex(&ReaderCcb->DataListLock); + if ((Status == STATUS_USER_APC) || (Status == STATUS_KERNEL_APC)) { Status = STATUS_CANCELLED; @@ -792,14 +812,14 @@ { DPRINT("PipeState: %x\n", Ccb->PipeState); Status = STATUS_PIPE_BROKEN; - // ExReleaseFastMutex(&ReaderCcb->DataListLock); goto done; } - } - - if (Fcb->WriteMode == FILE_PIPE_BYTE_STREAM_MODE) - { - DPRINT("Byte stream mode\n"); + ExAcquireFastMutex(&ReaderCcb->DataListLock); + } + + if ((Ccb->Fcb->PipeType == FILE_PIPE_BYTE_STREAM_MODE) && (Ccb->Fcb->WriteMode == FILE_PIPE_BYTE_STREAM_MODE)) + { + DPRINT("Byte stream mode: Ccb->Data %x, Ccb->WritePtr %x\n", ReaderCcb->Data, ReaderCcb->WritePtr); while (Length > 0 && ReaderCcb->WriteQuotaAvailable > 0) { @@ -816,7 +836,10 @@ } else { - TempLength = (ULONG)((ULONG_PTR)ReaderCcb->Data + ReaderCcb->MaxDataLength - (ULONG_PTR)ReaderCcb->WritePtr); + + TempLength = (ULONG)((ULONG_PTR)ReaderCcb->Data + ReaderCcb->MaxDataLength - + (ULONG_PTR)ReaderCcb->WritePtr); + memcpy(ReaderCcb->WritePtr, Buffer, TempLength); memcpy(ReaderCcb->Data, Buffer + TempLength, CopyLength - TempLength); ReaderCcb->WritePtr = (PVOID)((ULONG_PTR)ReaderCcb->Data + CopyLength - TempLength); @@ -837,33 +860,38 @@ break; } } - else + else if ((Ccb->Fcb->PipeType == FILE_PIPE_MESSAGE_MODE) && (Ccb->Fcb->WriteMode == FILE_PIPE_MESSAGE_MODE)) { /* For Message Type Pipe, the Pipes memory will be used to store the size of each message */ - /* FIXME: Check and verify ReadMode ByteStream */ - + DPRINT("Message mode: Ccb->Data %x, Ccb->WritePtr %x\n",ReaderCcb->Data, ReaderCcb->WritePtr); if (Length > 0) { /* Verify the WritePtr is still inside the buffer */ - if (((ULONG)ReaderCcb->WritePtr > ((ULONG)ReaderCcb->Data + (ULONG)ReaderCcb->MaxDataLength)) || - ((ULONG)ReaderCcb->WritePtr < (ULONG)ReaderCcb->Data)) + if (((ULONG_PTR)ReaderCcb->WritePtr > ((ULONG_PTR)ReaderCcb->Data + (ULONG_PTR)ReaderCcb->MaxDataLength)) || + ((ULONG_PTR)ReaderCcb->WritePtr < (ULONG_PTR)ReaderCcb->Data)) { DPRINT1("NPFS is writing out of its buffer. Report to developer!\n"); - DPRINT1("ReaderCcb->WritePtr %x, ReaderCcb->Data %x, ReaderCcb->MaxDataLength%d\n", - ReaderCcb->WritePtr,ReaderCcb->Data,ReaderCcb->MaxDataLength); + DPRINT1("ReaderCcb->WritePtr %x, ReaderCcb->Data %x, ReaderCcb->MaxDataLength %lu\n", + ReaderCcb->WritePtr, ReaderCcb->Data, ReaderCcb->MaxDataLength); ASSERT(FALSE); } CopyLength = min(Length, ReaderCcb->WriteQuotaAvailable - sizeof(ULONG)); + if (CopyLength > ReaderCcb->WriteQuotaAvailable) + { + DPRINT1("Writing %lu byte to pipe would overflow as only %lu bytes are available\n", + CopyLength, ReaderCcb->ReadDataAvailable); + ASSERT(FALSE); + } /* First Copy the Length of the message into the pipes buffer */ memcpy(ReaderCcb->WritePtr, &CopyLength, sizeof(CopyLength)); /* Now the user buffer itself */ - memcpy((PVOID)((ULONG)ReaderCcb->WritePtr+ sizeof(CopyLength)), Buffer, CopyLength); + memcpy((PVOID)((ULONG_PTR)ReaderCcb->WritePtr + sizeof(CopyLength)), Buffer, CopyLength); /* Update the write pointer */ - ReaderCcb->WritePtr = (PVOID)((ULONG)ReaderCcb->WritePtr + sizeof(CopyLength) + CopyLength); + ReaderCcb->WritePtr = (PVOID)((ULONG_PTR)ReaderCcb->WritePtr + sizeof(CopyLength) + CopyLength); Information += CopyLength; @@ -871,7 +899,7 @@ ReaderCcb->WriteQuotaAvailable -= (CopyLength + sizeof(ULONG)); - if ((ULONG)ReaderCcb->WriteQuotaAvailable > (ULONG)ReaderCcb->MaxDataLength) + if ((ULONG_PTR)ReaderCcb->WriteQuotaAvailable > (ULONG)ReaderCcb->MaxDataLength) { DPRINT1("QuotaAvailable is greater than buffer size!\n"); ASSERT(FALSE); @@ -885,6 +913,11 @@ break; } } + else + { + DPRINT1("Unhandled Pipe Type Mode and Read Write Mode!\n"); + ASSERT(FALSE); + } } ExReleaseFastMutex(&ReaderCcb->DataListLock);