hid: hidparser: Fix for CORE-11538.

This commit fixes issue https://jira.reactos.org/browse/CORE-11538.

There were mistakes in buffer manipulation loops.

svn path=/branches/GSoC_2016/USB/; revision=72394

Author: mvardan

drivers/hid/hidparse/hidparse.c

@@ -125,6 +125,29 @@ HidP_GetCaps(
     return HidParser_GetCaps(&Parser, PreparsedData, Capabilities);
 }
 
+NTSTATUS
+TranslateStatusForUpperLayer(
+    IN HIDPARSER_STATUS Status)
+{
+    //
+    // now we are handling only this values, for others just return
+    // status as it is.
+    //
+    switch (Status)
+    {
+    case HIDPARSER_STATUS_INSUFFICIENT_RESOURCES:
+        return STATUS_INSUFFICIENT_RESOURCES;
+    case HIDPARSER_STATUS_INVALID_REPORT_TYPE:
+        return HIDP_STATUS_INVALID_REPORT_TYPE;
+    case HIDPARSER_STATUS_BUFFER_TOO_SMALL:
+        return STATUS_BUFFER_TOO_SMALL;
+    case HIDPARSER_STATUS_COLLECTION_NOT_FOUND:
+        return STATUS_NO_DATA_DETECTED;
+    default:
+        return Status;
+    }
+}
+
 NTSTATUS
 NTAPI
 HidP_GetCollectionDescription(
@@ -134,6 +157,7 @@ HidP_GetCollectionDescription(
     OUT PHIDP_DEVICE_DESC DeviceDescription)
 {
     HID_PARSER Parser;
+    NTSTATUS Status;
 
     //
     // init parser
@@ -143,7 +167,8 @@ HidP_GetCollectionDescription(
     //
     // get description;
     //
-    return HidParser_GetCollectionDescription(&Parser, ReportDesc, DescLength, PoolType, DeviceDescription);
+    Status = HidParser_GetCollectionDescription(&Parser, ReportDesc, DescLength, PoolType, DeviceDescription);
+    return TranslateStatusForUpperLayer(Status);
 }
 
 HIDAPI

sdk/lib/drivers/hidparser/context.c

@@ -163,7 +163,7 @@ HidParser_StoreCollection(
         //
         // store offset
         //
-        TargetCollection->Offsets[Collection->NodeCount + Index] = CurrentOffset;
+        TargetCollection->Offsets[Collection->ReportCount + Index] = CurrentOffset;
 
         //
         // store sub collections
@@ -254,7 +254,7 @@ HidParser_SearchReportInCollection(
         //
         // get collection
         //
-        SubCollection = (PHID_COLLECTION)(CollectionContext->RawData + Collection->Offsets[Collection->NodeCount + Index]);
+        SubCollection = (PHID_COLLECTION)(CollectionContext->RawData + Collection->Offsets[Collection->ReportCount + Index]);
 
         //
         // recursively search collection
@@ -314,7 +314,7 @@ HidParser_GetCollectionCount(
         //
         // get offset to sub collection
         //
-        SubCollection = (PHID_COLLECTION)(CollectionContext->RawData + Collection->Offsets[Collection->NodeCount + Index]);
+        SubCollection = (PHID_COLLECTION)(CollectionContext->RawData + Collection->Offsets[Collection->ReportCount + Index]);
 
         //
         // count collection for sub nodes

sdk/lib/drivers/hidparser/hidparser.c

@@ -68,7 +68,7 @@ HidParser_GetCollectionDescription(
         // failed to parse report descriptor
         //
         Parser->Debug("[HIDPARSER] Failed to parse report descriptor with %x\n", ParserStatus);
-        return TranslateHidParserStatus(ParserStatus);
+        return ParserStatus;
     }
 
     //
@@ -126,7 +126,9 @@ HidParser_GetCollectionDescription(
             //
             // no memory
             //
-            return TranslateHidParserStatus(ParserStatus);
+            Parser->Free(DeviceDescription->CollectionDesc);
+            Parser->Free(DeviceDescription->ReportIDs);
+            return ParserStatus;
         }
 
         //
@@ -153,6 +155,13 @@ HidParser_GetCollectionDescription(
         // get collection usage page
         //
         ParserStatus = HidParser_GetCollectionUsagePage((PVOID)DeviceDescription->CollectionDesc[Index].PreparsedData, &DeviceDescription->CollectionDesc[Index].Usage, &DeviceDescription->CollectionDesc[Index].UsagePage);
+        if (ParserStatus != HIDPARSER_STATUS_SUCCESS)
+        {
+            // collection not found
+            Parser->Free(DeviceDescription->CollectionDesc);
+            Parser->Free(DeviceDescription->ReportIDs);
+            return ParserStatus;
+        }
 
         //
         // windows seems to prepend the report id, regardless if it is required

sdk/lib/drivers/hidparser/parser.c

@@ -713,30 +713,6 @@ HidParser_AddMainItem(
     return HIDPARSER_STATUS_SUCCESS;
 }
 
-HIDPARSER_STATUS
-AllocateParserContext(
-    IN PHID_PARSER Parser,
-    OUT PHID_PARSER_CONTEXT *OutParserContext)
-{
-    PHID_PARSER_CONTEXT ParserContext;
-
-    ParserContext = Parser->Alloc(sizeof(HID_PARSER_CONTEXT));
-    if (!ParserContext)
-    {
-        //
-        // failed
-        //
-        return HIDPARSER_STATUS_INSUFFICIENT_RESOURCES;
-    }
-
-    //
-    // store result
-    //
-    *OutParserContext = ParserContext;
-    return HIDPARSER_STATUS_SUCCESS;
-}
-
-
 HIDPARSER_STATUS
 HidParser_ParseReportDescriptor(
     IN PHID_PARSER Parser,
@@ -760,12 +736,18 @@ HidParser_ParseReportDescriptor(
     PMAIN_ITEM_DATA MainItemData;
     PHID_PARSER_CONTEXT ParserContext;
 
+    CurrentOffset = ReportDescriptor;
+    ReportEnd = ReportDescriptor + ReportLength;
+
+    if (ReportDescriptor >= ReportEnd)
+        return HIDPARSER_STATUS_COLLECTION_NOT_FOUND;
+
     //
     // allocate parser
     //
-    Status = AllocateParserContext(Parser, &ParserContext);
-    if (Status != HIDPARSER_STATUS_SUCCESS)
-        return Status;
+    ParserContext = Parser->Alloc(sizeof(HID_PARSER_CONTEXT));;
+    if (!ParserContext)
+        return HIDPARSER_STATUS_INSUFFICIENT_RESOURCES;
 
 
     //
@@ -778,6 +760,7 @@ HidParser_ParseReportDescriptor(
         //
         // no memory
         //
+        Parser->Free(ParserContext);
         return HIDPARSER_STATUS_INSUFFICIENT_RESOURCES;
     }
 
@@ -792,15 +775,14 @@ HidParser_ParseReportDescriptor(
         //
         Parser->Free(ParserContext->LocalItemState.UsageStack);
         ParserContext->LocalItemState.UsageStack = NULL;
+        Parser->Free(ParserContext);
         return HIDPARSER_STATUS_INSUFFICIENT_RESOURCES;
     }
 
     //
     // start parsing
     //
     CurrentCollection = ParserContext->RootCollection;
-    CurrentOffset = ReportDescriptor;
-    ReportEnd = ReportDescriptor + ReportLength;
 
     do
     {
@@ -1230,8 +1212,7 @@ HidParser_ParseReportDescriptor(
         //
         CurrentOffset += CurrentItemSize + sizeof(ITEM_PREFIX);
 
-
-    }while(CurrentOffset < ReportEnd);
+    }while (CurrentOffset < ReportEnd);
 
 
     //