DDK BulkUSB Sample bug?

The following code is from the Win2000 DDK BulkUSB sample. I believe it has a bug. The variable nameLen is used to index the wide characters in the UNICODE string FileName. I thing the Length field in a UNICODE_STRING is in terms of bytes and the statement should be

nameLen = FileName->Length/sizeof(WCHAR);

Anybody know for sure?

Larry

PBULKUSB_PIPEINFO BulkUsb_PipeWithName(
IN PDEVICE_OBJECT DeviceObject,
IN PUNICODE_STRING FileName
)
/*++

Routine Description:

Given a PUSBD_PIPE_INFORMATION, return our device extension pipe info struct
that has this hanndle, else NULL

–*/
{
PDEVICE_EXTENSION deviceExtension = DeviceObject->DeviceExtension;
PBULKUSB_PIPEINFO pipeInfo = NULL;
ULONG i, nameLen, ix, uval , umultiplier;

nameLen = FileName->Length;

if (nameLen != 0) {

BULKUSB_KdPrint( DBGLVL_DEFAULT,(“BulkUsb_PipeWithName FileName = %ws\n”, FileName->Buffer ));

// Get pipe# to open
ix = nameLen -1; // index last char of pipe name

// if last char isn’t digit, decrement till it is
while( ( (FileName->Buffer[ix] < (WCHAR) ‘0’) ||
(FileName->Buffer[ix] > (WCHAR) ‘9’) ) && ix )
ix–;

if ( ix ) { // filename better have had at least one ascii digit!

//
// A name was specified, convert it to a pipe id.
// Parse the ansi ascii decimal 0-based pipe number
//
uval = 0;
umultiplier = 1;
// we’re traversing least-to-most significant digits
while( ( (FileName->Buffer[ix] >= (WCHAR) ‘0’) &&
(FileName->Buffer[ix] <= (WCHAR) ‘9’) ) && ix ) {

uval += (umultiplier *
(ULONG) (FileName->Buffer[ix] - (WCHAR) ‘0’));
ix–;
umultiplier *= 10;
}
}
pipeInfo = &deviceExtension->PipeInfo[uval];
}

BULKUSB_KdPrint ( DBGLVL_HIGH, (“Exit BulkUsb_PipeWithName() pipeInfo = 0x%x, ix = %d\n”, pipeInfo, uval ));

return pipeInfo;
}


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Larry,

Yes, the Length field of a UNICODE_STRING object is in bytes, not
characters;
so, the code as written, will do altogether the wrong thing. In fact
(since Buffer is a PWSTR), FileName->Buffer[ix] starts out examining memory
WAAAAAAYYYYY beyond the end of the Unicode string.

Regards,
Art Baker

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Harmon, Larry CT
Sent: Tuesday, October 09, 2001 11:56 AM
To: NT Developers Interest List
Subject: [ntdev] DDK BulkUSB Sample bug?

The following code is from the Win2000 DDK BulkUSB sample. I believe it has
a bug. The variable nameLen is used to index the wide characters in the
UNICODE string FileName. I thing the Length field in a UNICODE_STRING is in
terms of bytes and the statement should be

nameLen = FileName->Length/sizeof(WCHAR);

Anybody know for sure?

Larry

PBULKUSB_PIPEINFO
kUsb_PipeWithName(
IN PDEVICE_OBJECT DeviceObject,
IN PUNICODE_STRING FileName
)
/*++

Routine Description:

Given a PUSBD_PIPE_INFORMATION, return our device extension pipe info struct
that has this hanndle, else NULL

–*/
{
PDEVICE_EXTENSION deviceExtension = DeviceObject->DeviceExtension;
PBULKUSB_PIPEINFO pipeInfo = NULL;
ULONG i, nameLen, ix, uval , umultiplier;

nameLen = FileName->Length;

if (nameLen != 0) {

BULKUSB_KdPrint( DBGLVL_DEFAULT,(“BulkUsb_PipeWithName FileName = %ws\n”, FileName->Buffer ));

// Get pipe# to open
ix = nameLen -1; // index last char of pipe name

// if last char isn’t digit, decrement till it is
while( ( (FileName->Buffer[ix] < (WCHAR) ‘0’) ||
(FileName->Buffer[ix] > (WCHAR) ‘9’) ) && ix )
ix–;

if ( ix ) { // filename better have had at least one ascii digit!

//
// A name was specified, convert it to a pipe id.
// Parse the ansi ascii decimal 0-based pipe number
//
uval = 0;
umultiplier = 1;
// we’re traversing least-to-most significant digits
while( ( (FileName->Buffer[ix] >= (WCHAR) ‘0’) &&
(FileName->Buffer[ix] <= (WCHAR) ‘9’) ) && ix ) {

uval += (umultiplier *
(ULONG) (FileName->Buffer[ix] - (WCHAR) ‘0’));
ix–;
umultiplier *= 10;
}
}
pipeInfo = &deviceExtension->PipeInfo[uval];
}

BULKUSB_KdPrint ( DBGLVL_HIGH, (“Exit BulkUsb_PipeWithName() pipeInfo = 0x%x, ix = %d\n”, pipeInfo, uval ));

return pipeInfo;
}


You are currently subscribed to ntdev as: xxxxx@nfr.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com