https://git.reactos.org/?p=reactos.git;a=commitdiff;h=606e996e1fcfe9f358a1e77f6da71bfbd845b6c6
commit 606e996e1fcfe9f358a1e77f6da71bfbd845b6c6
Author: Max Korostil <mrmk...@yandex.ru>
AuthorDate: Sun Mar 2 21:07:34 2025 +0300
Commit: GitHub <nore...@github.com>
CommitDate: Sun Mar 2 19:07:34 2025 +0100
[UNIATA] Fix memory corruption if SCSIOP_SERVICE_ACTION16 processed. (#7717)
Reason: the size of `READ_CAPACITY16_DATA` struct in UniATA driver and
ReactOS/Windows SDK were not equal.
- In UniATA driver: `sizeof(READ_CAPACITY16_DATA) == 33` (wrong);
- In ReactOS/Windows SDK: `sizeof(READ_CAPACITY16_DATA) == 32` (correct).
CORE-19696
---
drivers/storage/ide/uniata/scsi.h | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/storage/ide/uniata/scsi.h
b/drivers/storage/ide/uniata/scsi.h
index 9d85cf14d59..9a599114da3 100644
--- a/drivers/storage/ide/uniata/scsi.h
+++ b/drivers/storage/ide/uniata/scsi.h
@@ -1433,7 +1433,13 @@ typedef struct _READ_CAPACITY16_DATA {
UCHAR Prot_EN:1;
UCHAR RTO_EN:1;
UCHAR Reserved:6;
+#ifdef __REACTOS__
+ /* In ReactOS SDK sizeof(READ_CAPACITY16_DATA) == 32.
+ * Fixes CORE-19696 memory corruption on SCSIOP_SERVICE_ACTION16. */
+ UCHAR Reserved1[19];
+#else
UCHAR Reserved1[20];
+#endif
} READ_CAPACITY16_DATA, *PREAD_CAPACITY16_DATA;
// CD ROM Read Table Of Contents (TOC) structures
