From b70dd1aa86563f10a00a10d9c7a0d8baebf7aa2f Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Wed, 26 Oct 2016 21:53:20 +0200
Subject: [PATCH] hidclass.sys: Fix memory leak in call_minidriver.

Before 54002103763188b5c5b1fd1210ad4cf09ef80bf9, the output buffer
was released because UserIosb != NULL.

Signed-off-by: Sebastian Lackner <sebastian@fds-team.de>
Signed-off-by: Aric Stewart <aric@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
---
 dlls/hidclass.sys/main.c | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/dlls/hidclass.sys/main.c b/dlls/hidclass.sys/main.c
index f5a60e98fa8..1742cfedd16 100644
--- a/dlls/hidclass.sys/main.c
+++ b/dlls/hidclass.sys/main.c
@@ -98,18 +98,10 @@ NTSTATUS call_minidriver(ULONG code, DEVICE_OBJECT *device, void *in_buff, ULONG
     IRP *irp;
     IO_STATUS_BLOCK irp_status;
     NTSTATUS status;
-    void *buffer = NULL;
-
     HANDLE event = CreateEventA(NULL, FALSE, FALSE, NULL);
 
-    if (out_size)
-    {
-        buffer = HeapAlloc(GetProcessHeap(), 0, out_size);
-        memcpy(buffer, out_buff, out_size);
-    }
-
     irp = IoBuildDeviceIoControlRequest(code, device, in_buff, in_size,
-        buffer, out_size, TRUE, NULL, &irp_status);
+        out_buff, out_size, TRUE, NULL, &irp_status);
 
     IoSetCompletionRoutine(irp, internalComplete, event, TRUE, TRUE, TRUE);
     status = IoCallDriver(device, irp);
@@ -117,7 +109,6 @@ NTSTATUS call_minidriver(ULONG code, DEVICE_OBJECT *device, void *in_buff, ULONG
     if (status == STATUS_PENDING)
         WaitForSingleObject(event, INFINITE);
 
-    memcpy(out_buff, buffer, out_size);
     status = irp->IoStatus.u.Status;
 
     IoCompleteRequest(irp, IO_NO_INCREMENT );