[ros-dev] RE: [ros-svn] [ion] 17417: Remove all non-official LPC structures/defines/hardcoded hacks, and use actual correct sizes and structures.
Ge van Geldorp
gvg at reactos.com
Wed Aug 17 18:38:15 CEST 2005
> From: ion at svn.reactos.com
>
> Remove all non-official LPC structures/defines/hardcoded
> hacks, and use actual correct sizes and structures.
This breaks a simple boot.
ntoskrnl/include/internal/port.h previously defined QUEUEDMESSAGE as:
typedef struct _QUEUEDMESSAGE
{
PEPORT Sender;
LIST_ENTRY QueueListEntry;
PORT_MESSAGE Message;
UCHAR MessageData [MAX_MESSAGE_DATA];
} QUEUEDMESSAGE, *PQUEUEDMESSAGE;
r17417 removed the MessageData member.
Now in ntoskrnl/lpc/reply.c function EiReplyOrRequestPort() line 52:
memcpy(&MessageReply->Message, LpcReply, LpcReply->u1.s1.TotalLength);
writes outside allocated memory (MessageReply is a PQUEUEDMESSAGE,
LpcReply->u1.s1.TotalLength is 292). This causes a subsequent ExFreePool to
generate a page fault.
Gé van Geldorp.
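The defect described above is an unchecked memcpy whose length comes from the message header (TotalLength = 292) while the destination struct, after r17417, ends a few bytes past Message. The following added example (not ReactOS code; the struct layouts, field widths and MAX_MESSAGE_DATA value are assumptions made for illustration) models both layouts and shows the bounds check that rejects a copy which would run past the allocation, instead of corrupting the pool header that ExFreePool later trips over.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the kernel types discussed in the mail; sizes and
 * field order are assumptions for this example, not ReactOS definitions. */
#define MAX_MESSAGE_DATA 304          /* assumed; large enough for a 292-byte reply */
#define REPLY_BUF_SIZE   512

typedef struct _PORT_MESSAGE {
    union {
        struct {
            uint16_t DataLength;
            uint16_t TotalLength;     /* header + payload, cf. LpcReply->u1.s1.TotalLength */
        } s1;
        uint32_t Length;
    } u1;
} PORT_MESSAGE;

/* Layout before r17417: the trailing MessageData buffer receives the payload. */
typedef struct _QUEUEDMESSAGE {
    void        *Sender;
    void        *QueueListEntry[2];
    PORT_MESSAGE Message;
    uint8_t      MessageData[MAX_MESSAGE_DATA];
} QUEUEDMESSAGE;

/* Layout after r17417: same prefix, no MessageData. A 292-byte memcpy into
 * Message now runs past the end of the allocation. */
typedef struct _QUEUEDMESSAGE_R17417 {
    void        *Sender;
    void        *QueueListEntry[2];
    PORT_MESSAGE Message;
} QUEUEDMESSAGE_R17417;

typedef union {
    PORT_MESSAGE hdr;
    uint8_t      raw[REPLY_BUF_SIZE];
} REPLY_BUF;

/* Fill buf with a constructed reply of `total` bytes; returns bytes written or 0. */
size_t build_reply(REPLY_BUF *buf, uint16_t total)
{
    if (total < sizeof(PORT_MESSAGE) || total > sizeof buf->raw)
        return 0;
    memset(buf->raw, 0xAB, total);                    /* constructed payload bytes */
    buf->hdr.u1.s1.DataLength  = (uint16_t)(total - sizeof(PORT_MESSAGE));
    buf->hdr.u1.s1.TotalLength = total;
    return total;
}

/* Bounds-checked replacement for the unchecked memcpy in EiReplyOrRequestPort():
 * dst_size is the size of the allocation dst points to. Returns 1 if the reply
 * was copied, 0 if TotalLength does not fit between Message and the end of dst. */
int copy_reply_checked(void *dst, size_t dst_size, const PORT_MESSAGE *reply)
{
    size_t msg_off = offsetof(QUEUEDMESSAGE, Message);   /* same prefix in both layouts */
    size_t total   = reply->u1.s1.TotalLength;

    if (dst_size < msg_off || total < sizeof(PORT_MESSAGE) || total > dst_size - msg_off)
        return 0;
    memcpy((uint8_t *)dst + msg_off, reply, total);
    return 1;
}

int main(void)
{
    REPLY_BUF     rb;
    QUEUEDMESSAGE q;            /* stands in for the pool-allocated destination */

    build_reply(&rb, 292);      /* the TotalLength seen in the boot failure */
    printf("pre-r17417 layout  (%zu bytes): copy %s\n", sizeof q,
           copy_reply_checked(&q, sizeof q, &rb.hdr) ? "ok" : "rejected");
    printf("post-r17417 layout (%zu bytes): copy %s\n", sizeof(QUEUEDMESSAGE_R17417),
           copy_reply_checked(&q, sizeof(QUEUEDMESSAGE_R17417), &rb.hdr) ? "ok" : "rejected");
    return 0;
}
```

The check derives the available space from the allocation size rather than trusting TotalLength, so a header that claims more bytes than the destination holds is refused before any write happens; in a kernel port implementation the same comparison belongs wherever a caller-supplied length drives a copy into a fixed-size queued message.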