fix bug in PackReport (#534)

Data is pointer to array of HID_DATA structure. Function advances pointer as it packs the report buffer. At end of process the function attempts to go back through the buffer and update the IsDataSet member. What it's actually doing is writing unexpected memory locations. Fix is to store the head of the array and move back before walking again to set the bits.
microsoft · Aug 24, 2020 · aaeca58 · aaeca58
1 parent dbadff8
commit aaeca58
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/hid/hclient/report.c b/hid/hclient/report.c
@@ -513,7 +513,7 @@ Routine Description:
     ULONG       i;
     ULONG       CurrReportID;
     BOOLEAN     result = FALSE;
-
+    PHID_DATA   Head = Data;
     /*
     // All report buffers that are initially sent need to be zero'd out
     */
@@ -584,6 +584,7 @@ Routine Description:
     //    having been set.
     */
 
+    Data = Head;
     for (i = 0; i < DataLength; i++, Data++) 
     {
         if (CurrReportID == Data -> ReportID)