[vbox-dev] some errors with ActualLength in VBoxUsbLib-win.cpp

Huihong Luo Mon, 20 Feb 2012 11:54:38 -0800

I spotted a few bugs: (possibly a few other places)
 
if (DeviceIoControl(hHub, IOCTL_USB_GET_NODE_CONNECTION_DRIVERKEY_NAME, pName, 
Name.ActualLength, pName, Name.ActualLength, &cbReturned, NULL))
{
rc = RTUtf16ToUtf8Ex((PCRTUTF16)pName->DriverKeyName, pName->ActualLength, 
plpszName, 0, NULL);
 
}
 
all length inside UNICODE_STRING refers to bytes in microsoft impl, this is the 
link:
 
http://msdn.microsoft.com/en-us/library/windows/hardware/ff540085(v=vs.85).aspx
 
so pName->ActualLength may cause buffer overflow, and needs to be divided by 2:
 
rc = RTUtf16ToUtf8Ex((PCRTUTF16)pName->DriverKeyName, 
pName->ActualLength/sizeof(WCHAR), plpszName, 0, NULL);
 
 
Other files might contain same errors, pls check.

_______________________________________________
vbox-dev mailing list
[email protected]
https://www.virtualbox.org/mailman/listinfo/vbox-dev

[vbox-dev] some errors with ActualLength in VBoxUsbLib-win.cpp

Reply via email to