[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] Add check for empty List in FdoCsqPeekNextIrp.

To: win-pv-devel@xxxxxxxxxxxxxxxxxxxx
From: Troy Crosley <troycrosley@xxxxxxxxx>
Date: Mon, 19 Oct 2020 14:57:17 -0400
Cc: paul@xxxxxxx, ben.chalmers@xxxxxxxxxx, owen.smith@xxxxxxxxxx, Troy Crosley <troycrosley@xxxxxxxxx>
Delivery-date: Mon, 19 Oct 2020 18:57:31 +0000
List-id: Developer list for the Windows PV Drivers subproject <win-pv-devel.lists.xenproject.org>

Under certain situations, such as when input is being sent during driver
install or sleep transition, FdoCsqPeekNextIrp can be called with an
empty Fdo->List. In that case, FdoCsqPeekNextIrp dereferences the list
head and returns an invalid IRP; it should check for this error
condition.

Signed-off-by: Troy Crosley <troycrosley@xxxxxxxxx>
---
 src/xenhid/fdo.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/xenhid/fdo.c b/src/xenhid/fdo.c
index c2ef7c8..04d3d7f 100644
--- a/src/xenhid/fdo.c
+++ b/src/xenhid/fdo.c
@@ -123,8 +123,12 @@ FdoCsqPeekNextIrp(
     else
         ListEntry = Irp->Tail.Overlay.ListEntry.Flink;
 
-    NextIrp = CONTAINING_RECORD(ListEntry, IRP, Tail.Overlay.ListEntry);
     // should walk through the list until a match against Context is found
+    if (ListEntry != &Fdo->List)
+        NextIrp = CONTAINING_RECORD(ListEntry, IRP, Tail.Overlay.ListEntry);
+    else
+        NextIrp = NULL;
+
     return NextIrp;
 }
 
-- 
2.20.1

Follow-Ups:
- RE: [PATCH] Add check for empty List in FdoCsqPeekNextIrp.
  - From: Paul Durrant

Prev by Date: Re: IRP buffer access in XENHID
Next by Date: RE: [PATCH] Add check for empty List in FdoCsqPeekNextIrp.
Previous by thread: XENHID-master - Build #23 - Successful
Next by thread: RE: [PATCH] Add check for empty List in FdoCsqPeekNextIrp.
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.