From 6ba1e6cb46d59df5bedae4779731565697166a95 Mon Sep 17 00:00:00 2001 From: Pete Batard Date: Thu, 11 Feb 2010 00:01:32 +0000 Subject: fixed bad HID input report data when using control removes the use of transfer->buffer as dest in hid_copy_transfer_data uses private hid_dest copy from windows_transfer_priv instead --- libusb/os/windows_usb.c | 8 +++++++- libusb/os/windows_usb.h | 3 ++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/libusb/os/windows_usb.c b/libusb/os/windows_usb.c index d1d9f0d..3042de1 100644 --- a/libusb/os/windows_usb.c +++ b/libusb/os/windows_usb.c @@ -3034,6 +3034,7 @@ static int _hid_get_report(struct hid_device_priv* dev, HANDLE hid_handle, int i return LIBUSB_ERROR_IO; } tp->hid_buffer = buf; + tp->hid_dest = data; // copy dest, as not necessarily the start of the transfer buffer return LIBUSB_SUCCESS; } #else @@ -3543,6 +3544,7 @@ static int hid_submit_bulk_transfer(struct usbi_transfer *itransfer) { return LIBUSB_ERROR_NO_MEM; } transfer_priv->hid_buffer = (uint8_t*)malloc(transfer->length+2); + transfer_priv->hid_dest = transfer->buffer; transfer_priv->hid_expected_size = transfer->length+2; if (transfer_priv->hid_buffer == NULL) { return LIBUSB_ERROR_NO_MEM; @@ -3666,8 +3668,12 @@ static int hid_copy_transfer_data(struct usbi_transfer *itransfer, uint32_t io_s corrected_size = (uint32_t)transfer_priv->hid_expected_size; usbi_err(ctx, "OVERFLOW!"); r = LIBUSB_TRANSFER_OVERFLOW; + } else if (transfer_priv->hid_dest == NULL) { + usbi_err(ctx, "program assertion failed - copy destination address was not set"); + r = LIBUSB_TRANSFER_ERROR; + } else { + memcpy(transfer_priv->hid_dest, transfer_priv->hid_buffer+1, corrected_size); } - memcpy(transfer->buffer, transfer_priv->hid_buffer+1, corrected_size); safe_free(transfer_priv->hid_buffer); } else { // No hid_buffer => transfer was sync and our size is good diff --git a/libusb/os/windows_usb.h b/libusb/os/windows_usb.h index 30ec048..90aa879 100644 --- a/libusb/os/windows_usb.h +++ b/libusb/os/windows_usb.h @@ -298,7 +298,8 @@ static inline struct windows_device_handle_priv *__device_handle_priv( struct windows_transfer_priv { struct winfd pollable_fd; uint8_t interface_number; - uint8_t *hid_buffer; // 1 byte extended data buffer, required for HID + uint8_t *hid_buffer; // 1 byte extended data buffer, required for HID + uint8_t *hid_dest; // transfer buffer destination, required for HID size_t hid_expected_size; }; -- cgit v1.2.1