Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-05-30 09:11:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

[KS] Fix bug in KsStreamIo (#4663)

Browse source 
Properly set output buffer length in IO Stack Location of the current IRP, since it is passed to KsProbeStreamIrp when calling KsStreamIo, so it fails if the length isn't set properly.

Don't set an input buffer length and the buffer itself, since it isn't passed anywhere, so setting it makes no sense. Moreover, MSDN says that for IOCTL_KS_READ/WRITE_STREAM, only output buffer (and its length) is needed to be set, but not an input one. So it indeed is more correct.

It fixes buffer overflow in KsProbeStreamIrp when attempting to perform the streaming via KsStreamIo. I discovered this bug during my audio refactoring from PR #4660.
This commit is contained in:
Oleg Dubinskiy 2023-10-06 12:36:09 +02:00 committed by GitHub
parent 2a5fd78f1b
commit d96b3cd45c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
drivers/ksfilter/ks/irp.c
View file

@ -634,8 +634,7 @@ KsStreamIo(
IoStack = IoGetNextIrpStackLocation(Irp);
/* setup stack parameters */
IoStack->FileObject = FileObject;
IoStack->Parameters.DeviceIoControl.InputBufferLength = Length;
IoStack->Parameters.DeviceIoControl.Type3InputBuffer = StreamHeaders;
IoStack->Parameters.DeviceIoControl.OutputBufferLength = Length;
IoStack->Parameters.DeviceIoControl.IoControlCode = (Flags == KSSTREAM_READ ? IOCTL_KS_READ_STREAM : IOCTL_KS_WRITE_STREAM);
if (CompletionRoutine)