[ros-diffs] [tfaber] 63778: [KS] - Use correct buffer size in KspStartBusDevice. Spotted by Víctor Martínez - Avoid wcscpy in kernel mode while we're at it

Wed, 30 Jul 2014 00:52:27 -0700 

Author: tfaber
Date: Wed Jul 30 07:50:28 2014
New Revision: 63778

URL: http://svn.reactos.org/svn/reactos?rev=63778&view=rev
Log:
[KS]
- Use correct buffer size in KspStartBusDevice. Spotted by Víctor Martínez
- Avoid wcscpy in kernel mode while we're at it

Modified:
    trunk/reactos/drivers/ksfilter/ks/precomp.h
    trunk/reactos/drivers/ksfilter/ks/swenum.c

Modified: trunk/reactos/drivers/ksfilter/ks/precomp.h
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/ksfilter/ks/precomp.h?rev=63778&r1=63777&r2=63778&view=diff
==============================================================================
--- trunk/reactos/drivers/ksfilter/ks/precomp.h [iso-8859-1] (original)
+++ trunk/reactos/drivers/ksfilter/ks/precomp.h [iso-8859-1] Wed Jul 30 
07:50:28 2014
@@ -7,6 +7,7 @@
 #include <portcls.h>
 #include <kcom.h>
 #include <pseh/pseh2.h>
+#include <ntstrsafe.h>
 
 #include "ksiface.h"
 #include "kstypes.h"

Modified: trunk/reactos/drivers/ksfilter/ks/swenum.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/ksfilter/ks/swenum.c?rev=63778&r1=63777&r2=63778&view=diff
==============================================================================
--- trunk/reactos/drivers/ksfilter/ks/swenum.c  [iso-8859-1] (original)
+++ trunk/reactos/drivers/ksfilter/ks/swenum.c  [iso-8859-1] Wed Jul 30 
07:50:28 2014
@@ -757,12 +757,13 @@
     NTSTATUS Status;
     ULONG ResultLength;
     LPWSTR Name;
+    ULONG NameLength;
     PBUS_DEVICE_ENTRY DeviceEntry;
 
     /* FIXME handle pending remove */
 
     /* get full device name */
-    Status = IoGetDeviceProperty(DeviceObject, 
DevicePropertyPhysicalDeviceObjectName, sizeof(PDOName), (PVOID)PDOName, 
&ResultLength);
+    Status = IoGetDeviceProperty(DeviceObject, 
DevicePropertyPhysicalDeviceObjectName, sizeof(PDOName), PDOName, 
&ResultLength);
 
     if (!NT_SUCCESS(Status))
     {
@@ -771,7 +772,8 @@
     }
 
     /* allocate device name buffer */
-    Name = AllocateItem(NonPagedPool, (ResultLength + 1) * sizeof(WCHAR));
+    NameLength = ResultLength + sizeof(UNICODE_NULL);
+    Name = AllocateItem(NonPagedPool, NameLength);
     if (!Name)
     {
         /* no memory */
@@ -779,7 +781,7 @@
     }
 
     /* copy name */
-    wcscpy(Name, PDOName);
+    NT_VERIFY(NT_SUCCESS(RtlStringCbCopyW(Name, NameLength, PDOName)));
 
     /* TODO: time stamp creation time */

Reply via email to