From: "Rémi Bernon" <rbernon@codeweavers.com>
Subject: [PATCH 2/8] winebus.sys: Use last report length in IOCTL_HID_GET_INPUT_REPORT.
Message-Id: <20211119083942.3788693-2-rbernon@codeweavers.com>
Date: Fri, 19 Nov 2021 09:39:36 +0100
In-Reply-To: <20211119083942.3788693-1-rbernon@codeweavers.com>
References: <20211119083942.3788693-1-rbernon@codeweavers.com>

Instead of packet length, which may be larger than the last report
buffer.

Based on a patch from Ivo Ivanov <logos128@gmail.com>.

Signed-off-by: Rémi Bernon <rbernon@codeweavers.com>
---
 dlls/winebus.sys/main.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/dlls/winebus.sys/main.c b/dlls/winebus.sys/main.c
index c9a18313853..d805f887a6f 100644
--- a/dlls/winebus.sys/main.c
+++ b/dlls/winebus.sys/main.c
@@ -82,7 +82,7 @@ struct device_extension
     ULONG report_desc_length;
     HIDP_DEVICE_DESC collection_desc;
 
-    BYTE *last_reports[256];
+    struct hid_report *last_reports[256];
     struct list reports;
     IRP *pending_read;
 
@@ -432,7 +432,7 @@ static void process_hid_report(DEVICE_OBJECT *device, BYTE *report_buf, DWORD re
 {
     struct device_extension *ext = (struct device_extension *)device->DeviceExtension;
     ULONG size = offsetof(struct hid_report, buffer[report_len]);
-    struct hid_report *report;
+    struct hid_report *report, *last_report;
     IRP *irp;
 
     if (!(report = RtlAllocateHeap(GetProcessHeap(), 0, size))) return;
@@ -442,8 +442,11 @@ static void process_hid_report(DEVICE_OBJECT *device, BYTE *report_buf, DWORD re
     RtlEnterCriticalSection(&ext->cs);
     list_add_tail(&ext->reports, &report->entry);
 
-    if (!ext->collection_desc.ReportIDs[0].ReportID) memcpy(ext->last_reports[0], report_buf, report_len);
-    else memcpy(ext->last_reports[report_buf[0]], report_buf, report_len);
+    if (!ext->collection_desc.ReportIDs[0].ReportID) last_report = ext->last_reports[0];
+    else last_report = ext->last_reports[report_buf[0]];
+
+    last_report->length = report_len;
+    memcpy(last_report->buffer, report_buf, report_len);
 
     if ((irp = pop_pending_read(ext)))
     {
@@ -857,6 +860,7 @@ static NTSTATUS pdo_pnp_dispatch(DEVICE_OBJECT *device, IRP *irp)
                     for (i = 0; i < ext->collection_desc.ReportIDsLength; ++i)
                     {
                         if (!(size = reports[i].InputLength)) continue;
+                        size = offsetof( struct hid_report, buffer[size] );
                         if (!(ext->last_reports[reports[i].ReportID] = RtlAllocateHeap(GetProcessHeap(), 0, size))) status = STATUS_NO_MEMORY;
                     }
                     if (!status) ext->state = DEVICE_STATE_STARTED;
@@ -1035,7 +1039,9 @@ static NTSTATUS WINAPI hid_internal_dispatch(DEVICE_OBJECT *device, IRP *irp)
         case IOCTL_HID_GET_INPUT_REPORT:
         {
             HID_XFER_PACKET *packet = (HID_XFER_PACKET *)irp->UserBuffer;
-            memcpy(packet->reportBuffer, ext->last_reports[packet->reportId], packet->reportBufferLen);
+            struct hid_report *last_report = ext->last_reports[packet->reportId];
+            memcpy(packet->reportBuffer, last_report->buffer, last_report->length);
+            packet->reportBufferLen = last_report->length;
             irp->IoStatus.Information = packet->reportBufferLen;
             irp->IoStatus.Status = STATUS_SUCCESS;
             if (TRACE_ON(hid))

-- 
2.33.1