Author: vmikayelyan
Date: Fri Aug 19 16:57:49 2016
New Revision: 72394

URL: http://svn.reactos.org/svn/reactos?rev=72394&view=rev
Log:
hid: hidparser: Fix for CORE-11538.

This commit fixes issue https://jira.reactos.org/browse/CORE-11538.

There were mistakes in buffer manipulation loops.

Modified:
    branches/GSoC_2016/USB/drivers/hid/hidparse/hidparse.c
    branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/context.c
    branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/hidparser.c
    branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/parser.c

Modified: branches/GSoC_2016/USB/drivers/hid/hidparse/hidparse.c
URL: 
http://svn.reactos.org/svn/reactos/branches/GSoC_2016/USB/drivers/hid/hidparse/hidparse.c?rev=72394&r1=72393&r2=72394&view=diff
==============================================================================
--- branches/GSoC_2016/USB/drivers/hid/hidparse/hidparse.c      [iso-8859-1] 
(original)
+++ branches/GSoC_2016/USB/drivers/hid/hidparse/hidparse.c      [iso-8859-1] 
Fri Aug 19 16:57:49 2016
@@ -126,6 +126,29 @@
 }
 
 NTSTATUS
+TranslateStatusForUpperLayer(
+    IN HIDPARSER_STATUS Status)
+{
+    //
+    // now we are handling only this values, for others just return
+    // status as it is.
+    //
+    switch (Status)
+    {
+    case HIDPARSER_STATUS_INSUFFICIENT_RESOURCES:
+        return STATUS_INSUFFICIENT_RESOURCES;
+    case HIDPARSER_STATUS_INVALID_REPORT_TYPE:
+        return HIDP_STATUS_INVALID_REPORT_TYPE;
+    case HIDPARSER_STATUS_BUFFER_TOO_SMALL:
+        return STATUS_BUFFER_TOO_SMALL;
+    case HIDPARSER_STATUS_COLLECTION_NOT_FOUND:
+        return STATUS_NO_DATA_DETECTED;
+    default:
+        return Status;
+    }
+}
+
+NTSTATUS
 NTAPI
 HidP_GetCollectionDescription(
     IN PHIDP_REPORT_DESCRIPTOR ReportDesc,
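Review bot: The `default: return Status;` arm in TranslateStatusForUpperLayer hands any unmapped HIDPARSER_STATUS back to the caller as if it were an NTSTATUS. The enum's values are not visible in this diff, but if the parser's failure codes are small non-negative numbers, a caller testing with NT_SUCCESS() would read them as success and continue with a DeviceDescription that was never filled in. I would map success explicitly and fail closed for everything else: `case HIDPARSER_STATUS_SUCCESS: return STATUS_SUCCESS;` and `default: return STATUS_UNSUCCESSFUL;`. As far as the diff shows the helper is used only in this file, so it could also be declared `static`.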
@@ -134,6 +157,7 @@
     OUT PHIDP_DEVICE_DESC DeviceDescription)
 {
     HID_PARSER Parser;
+    NTSTATUS Status;
 
     //
     // init parser
@@ -143,7 +167,8 @@
     //
     // get description;
     //
-    return HidParser_GetCollectionDescription(&Parser, ReportDesc, DescLength, 
PoolType, DeviceDescription);
+    Status = HidParser_GetCollectionDescription(&Parser, ReportDesc, 
DescLength, PoolType, DeviceDescription);
+    return TranslateStatusForUpperLayer(Status);
 }
 
 HIDAPI

Modified: branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/context.c
URL: 
http://svn.reactos.org/svn/reactos/branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/context.c?rev=72394&r1=72393&r2=72394&view=diff
==============================================================================
--- branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/context.c  [iso-8859-1] 
(original)
+++ branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/context.c  [iso-8859-1] 
Fri Aug 19 16:57:49 2016
@@ -163,7 +163,7 @@
         //
         // store offset
         //
-        TargetCollection->Offsets[Collection->NodeCount + Index] = 
CurrentOffset;
+        TargetCollection->Offsets[Collection->ReportCount + Index] = 
CurrentOffset;
 
         //
         // store sub collections
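Review bot: The index expression `Collection->ReportCount + Index` into `Offsets` is written out by hand here and again in the hunks at @@ -254,7 and @@ -314,7, and the defect being fixed was that all three copies used the wrong base. A comment describing the `Offsets` layout, or one small helper that returns the sub-collection offset for a given `Index`, would keep the writer and both readers in agreement. The two reader hunks also turn the stored offset straight into a `PHID_COLLECTION` pointer, and nothing in the visible lines checks it against the size of `RawData`, so an assertion there would catch a future mismatch before it becomes an out-of-bounds read. The enclosing functions start and end outside these hunks.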
@@ -254,7 +254,7 @@
         //
         // get collection
         //
-        SubCollection = (PHID_COLLECTION)(CollectionContext->RawData + 
Collection->Offsets[Collection->NodeCount + Index]);
+        SubCollection = (PHID_COLLECTION)(CollectionContext->RawData + 
Collection->Offsets[Collection->ReportCount + Index]);
 
         //
         // recursively search collection
@@ -314,7 +314,7 @@
         //
         // get offset to sub collection
         //
-        SubCollection = (PHID_COLLECTION)(CollectionContext->RawData + 
Collection->Offsets[Collection->NodeCount + Index]);
+        SubCollection = (PHID_COLLECTION)(CollectionContext->RawData + 
Collection->Offsets[Collection->ReportCount + Index]);
 
         //
         // count collection for sub nodes

Modified: branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/hidparser.c
URL: 
http://svn.reactos.org/svn/reactos/branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/hidparser.c?rev=72394&r1=72393&r2=72394&view=diff
==============================================================================
--- branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/hidparser.c        
[iso-8859-1] (original)
+++ branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/hidparser.c        
[iso-8859-1] Fri Aug 19 16:57:49 2016
@@ -68,7 +68,7 @@
         // failed to parse report descriptor
         //
         Parser->Debug("[HIDPARSER] Failed to parse report descriptor with 
%x\n", ParserStatus);
-        return TranslateHidParserStatus(ParserStatus);
+        return ParserStatus;
     }
 
     //
@@ -126,7 +126,9 @@
             //
             // no memory
             //
-            return TranslateHidParserStatus(ParserStatus);
+            Parser->Free(DeviceDescription->CollectionDesc);
+            Parser->Free(DeviceDescription->ReportIDs);
+            return ParserStatus;
         }
 
         //
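Review bot: The failure path added here frees `DeviceDescription->CollectionDesc` and `DeviceDescription->ReportIDs` but leaves both pointers set in the caller's OUT structure, and the same applies to the new block in the @@ -153,6 hunk. A caller that releases the description on failure would then free them a second time; add `DeviceDescription->CollectionDesc = NULL;` and `DeviceDescription->ReportIDs = NULL;` after the frees. If the `PreparsedData` of entries filled in by earlier iterations is allocated per collection, which the visible lines suggest but do not show, it is leaked on both paths and should be released before the array itself. The loop and the function start outside the hunk.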
@@ -153,6 +155,13 @@
         // get collection usage page
         //
         ParserStatus = 
HidParser_GetCollectionUsagePage((PVOID)DeviceDescription->CollectionDesc[Index].PreparsedData,
 &DeviceDescription->CollectionDesc[Index].Usage, 
&DeviceDescription->CollectionDesc[Index].UsagePage);
+        if (ParserStatus != HIDPARSER_STATUS_SUCCESS)
+        {
+            // collection not found
+            Parser->Free(DeviceDescription->CollectionDesc);
+            Parser->Free(DeviceDescription->ReportIDs);
+            return ParserStatus;
+        }
 
         //
         // windows seems to prepend the report id, regardless if it is required

Modified: branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/parser.c
URL: 
http://svn.reactos.org/svn/reactos/branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/parser.c?rev=72394&r1=72393&r2=72394&view=diff
==============================================================================
--- branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/parser.c   [iso-8859-1] 
(original)
+++ branches/GSoC_2016/USB/sdk/lib/drivers/hidparser/parser.c   [iso-8859-1] 
Fri Aug 19 16:57:49 2016
@@ -712,30 +712,6 @@
     //
     return HIDPARSER_STATUS_SUCCESS;
 }
-
-HIDPARSER_STATUS
-AllocateParserContext(
-    IN PHID_PARSER Parser,
-    OUT PHID_PARSER_CONTEXT *OutParserContext)
-{
-    PHID_PARSER_CONTEXT ParserContext;
-
-    ParserContext = Parser->Alloc(sizeof(HID_PARSER_CONTEXT));
-    if (!ParserContext)
-    {
-        //
-        // failed
-        //
-        return HIDPARSER_STATUS_INSUFFICIENT_RESOURCES;
-    }
-
-    //
-    // store result
-    //
-    *OutParserContext = ParserContext;
-    return HIDPARSER_STATUS_SUCCESS;
-}
-
 
 HIDPARSER_STATUS
 HidParser_ParseReportDescriptor(
@@ -760,12 +736,18 @@
     PMAIN_ITEM_DATA MainItemData;
     PHID_PARSER_CONTEXT ParserContext;
 
+    CurrentOffset = ReportDescriptor;
+    ReportEnd = ReportDescriptor + ReportLength;
+
+    if (ReportDescriptor >= ReportEnd)
+        return HIDPARSER_STATUS_COLLECTION_NOT_FOUND;
+
     //
     // allocate parser
     //
-    Status = AllocateParserContext(Parser, &ParserContext);
-    if (Status != HIDPARSER_STATUS_SUCCESS)
-        return Status;
+    ParserContext = Parser->Alloc(sizeof(HID_PARSER_CONTEXT));;
+    if (!ParserContext)
+        return HIDPARSER_STATUS_INSUFFICIENT_RESOURCES;
 
 
     //
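Review bot: The new guard `if (ReportDescriptor >= ReportEnd)` only rejects a zero-length descriptor, and it does so through a pointer sum rather than the length itself. Assuming `ReportDescriptor` is a byte pointer, `if (ReportDescriptor == NULL || ReportLength == 0)` states the intent directly and does not depend on `ReportDescriptor + ReportLength` not wrapping. The parsing loop, visible only at its tail in the last hunk, advances by `CurrentItemSize + sizeof(ITEM_PREFIX)` and tests `CurrentOffset < ReportEnd` afterwards, so whether each item's data is checked to lie before `ReportEnd` cannot be confirmed from this diff and is worth verifying, since a report descriptor is normally supplied by the device. The `Parser->Alloc(...)` line also ends in a stray `;;`, and the function body continues outside the hunk.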
@@ -778,6 +760,7 @@
         //
         // no memory
         //
+        Parser->Free(ParserContext);
         return HIDPARSER_STATUS_INSUFFICIENT_RESOURCES;
     }
 
@@ -792,6 +775,7 @@
         //
         Parser->Free(ParserContext->LocalItemState.UsageStack);
         ParserContext->LocalItemState.UsageStack = NULL;
+        Parser->Free(ParserContext);
         return HIDPARSER_STATUS_INSUFFICIENT_RESOURCES;
     }
 
@@ -799,8 +783,6 @@
     // start parsing
     //
     CurrentCollection = ParserContext->RootCollection;
-    CurrentOffset = ReportDescriptor;
-    ReportEnd = ReportDescriptor + ReportLength;
 
     do
     {
@@ -1230,8 +1212,7 @@
         //
         CurrentOffset += CurrentItemSize + sizeof(ITEM_PREFIX);
 
-
-    }while(CurrentOffset < ReportEnd);
+    }while (CurrentOffset < ReportEnd);
 
 
     //

