[ros-diffs] [janderwald] 55525: [USBEHCI] [USBOHCI] - Don't corrupt memory when a queue head / transfer descriptor is freed - How did this work before...

janderwald at svn.reactos.org janderwald at svn.reactos.org
Fri Feb 10 16:28:37 UTC 2012


Author: janderwald
Date: Fri Feb 10 16:28:35 2012
New Revision: 55525

URL: http://svn.reactos.org/svn/reactos?rev=55525&view=rev
Log:
[USBEHCI] [USBOHCI]
- Don't corrupt memory when a queue head / transfer descriptor is freed
- How did this work before...

Modified:
    branches/usb-bringup-trunk/drivers/usb/usbehci/memory_manager.cpp
    branches/usb-bringup-trunk/drivers/usb/usbohci/memory_manager.cpp

Modified: branches/usb-bringup-trunk/drivers/usb/usbehci/memory_manager.cpp
URL: http://svn.reactos.org/svn/reactos/branches/usb-bringup-trunk/drivers/usb/usbehci/memory_manager.cpp?rev=55525&r1=55524&r2=55525&view=diff
==============================================================================
--- branches/usb-bringup-trunk/drivers/usb/usbehci/memory_manager.cpp [iso-8859-1] (original)
+++ branches/usb-bringup-trunk/drivers/usb/usbehci/memory_manager.cpp [iso-8859-1] Fri Feb 10 16:28:35 2012
@@ -271,7 +271,7 @@
     IN ULONG Size)
 {
     KIRQL OldLevel;
-    ULONG BlockOffset = 0, BlockLength;
+    ULONG BlockOffset = 0, BlockLength, BlockCount;
 
     //
     // sanity checks
@@ -302,14 +302,25 @@
     Size = (Size + m_BlockSize - 1) & ~(m_BlockSize - 1);
 
     //
+    // convert to blocks
+    //
+    BlockCount = Size / m_BlockSize;
+    ASSERT(BlockCount);
+
+    //
     // acquire lock
     //
     KeAcquireSpinLock(m_Lock, &OldLevel);
 
     //
+    // sanity check
+    //
+    ASSERT(RtlAreBitsSet(&m_Bitmap, BlockOffset, BlockCount));
+
+    //
     // release buffer
     //
-    RtlClearBits(&m_Bitmap, BlockOffset, Size);
+    RtlClearBits(&m_Bitmap, BlockOffset, BlockCount);
 
     //
     // release lock
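Review bot: The two checks added in this hunk, `ASSERT(BlockCount)` and `ASSERT(RtlAreBitsSet(&m_Bitmap, BlockOffset, BlockCount))`, are assertions only, so a build where ASSERT compiles out (presumably non-debug builds) still clears whatever range the caller's Size implies. A double release or an oversized Size would then mark blocks belonging to a live queue head or transfer descriptor as free, letting the allocator hand out DMA memory the controller may still be using. Consider making the bitmap test a runtime check under the spin lock that skips `RtlClearBits`, releases the lock and fails the call when the bits are not all set; whether BlockOffset + BlockCount is bounded against the bitmap size depends on the sanity checks above the hunk, which are not visible here. The identical hunk in usbohci/memory_manager.cpp has the same gap. The function body starts and ends outside the hunk.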

Modified: branches/usb-bringup-trunk/drivers/usb/usbohci/memory_manager.cpp
URL: http://svn.reactos.org/svn/reactos/branches/usb-bringup-trunk/drivers/usb/usbohci/memory_manager.cpp?rev=55525&r1=55524&r2=55525&view=diff
==============================================================================
--- branches/usb-bringup-trunk/drivers/usb/usbohci/memory_manager.cpp [iso-8859-1] (original)
+++ branches/usb-bringup-trunk/drivers/usb/usbohci/memory_manager.cpp [iso-8859-1] Fri Feb 10 16:28:35 2012
@@ -271,7 +271,7 @@
     IN ULONG Size)
 {
     KIRQL OldLevel;
-    ULONG BlockOffset = 0, BlockLength;
+    ULONG BlockOffset = 0, BlockLength, BlockCount;
 
     //
     // sanity checks
@@ -302,14 +302,25 @@
     Size = (Size + m_BlockSize - 1) & ~(m_BlockSize - 1);
 
     //
+    // convert to blocks
+    //
+    BlockCount = Size / m_BlockSize;
+    ASSERT(BlockCount);
+
+    //
     // acquire lock
     //
     KeAcquireSpinLock(m_Lock, &OldLevel);
 
     //
+    // sanity check
+    //
+    ASSERT(RtlAreBitsSet(&m_Bitmap, BlockOffset, BlockCount));
+
+    //
     // release buffer
     //
-    RtlClearBits(&m_Bitmap, BlockOffset, Size);
+    RtlClearBits(&m_Bitmap, BlockOffset, BlockCount);
 
     //
     // release lock



