From aaeca58c5e7b67740a603a3150db225670b42bb6 Mon Sep 17 00:00:00 2001 From: ebadger Date: Mon, 24 Aug 2020 13:38:06 -0700 Subject: [PATCH] fix bug in PackReport (#534) Data is pointer to array of HID_DATA structure. Function advances pointer as it packs the report buffer. At end of process the function attempts to go back through the buffer and update the IsDataSet member. What it's actually doing is writing unexpected memory locations. Fix is to store the head of the array and move back before walking again to set the bits. --- hid/hclient/report.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hid/hclient/report.c b/hid/hclient/report.c index f1d9ee55e..02fb95a94 100644 --- a/hid/hclient/report.c +++ b/hid/hclient/report.c @@ -513,7 +513,7 @@ Routine Description: ULONG i; ULONG CurrReportID; BOOLEAN result = FALSE; - + PHID_DATA Head = Data; /* // All report buffers that are initially sent need to be zero'd out */ @@ -584,6 +584,7 @@ Routine Description: // having been set. */ + Data = Head; for (i = 0; i < DataLength; i++, Data++) { if (CurrReportID == Data -> ReportID)