From 606e996e1fcfe9f358a1e77f6da71bfbd845b6c6 Mon Sep 17 00:00:00 2001
From: Max Korostil
Date: Sun, 2 Mar 2025 21:07:34 +0300
Subject: [PATCH] [UNIATA] Fix memory corruption if SCSIOP_SERVICE_ACTION16 processed. (#7717)

Reason: the size of `READ_CAPACITY16_DATA` struct in UniATA driver and ReactOS/Windows SDK were not equal.
- In UniATA driver: `sizeof(READ_CAPACITY16_DATA) == 33` (wrong);
- In ReactOS/Windows SDK: `sizeof(READ_CAPACITY16_DATA) == 32` (correct).

CORE-19696
---
 drivers/storage/ide/uniata/scsi.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/storage/ide/uniata/scsi.h b/drivers/storage/ide/uniata/scsi.h
index 9d85cf14d59..9a599114da3 100644
--- a/drivers/storage/ide/uniata/scsi.h
+++ b/drivers/storage/ide/uniata/scsi.h
@@ -1433,7 +1433,13 @@ typedef struct _READ_CAPACITY16_DATA {
 UCHAR Prot_EN:1;
 UCHAR RTO_EN:1;
 UCHAR Reserved:6;
+#ifdef __REACTOS__
+ /* In ReactOS SDK sizeof(READ_CAPACITY16_DATA) == 32.
+ * Fixes CORE-19696 memory corruption on SCSIOP_SERVICE_ACTION16. */
+ UCHAR Reserved1[19];
+#else
 UCHAR Reserved1[20];
+#endif
 } READ_CAPACITY16_DATA, *PREAD_CAPACITY16_DATA;

 // CD ROM Read Table Of Contents (TOC) structures
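Review bot: Nothing in the hunk pins the 32-byte size this fix depends on: `Reserved1[19]` only yields 32 if the members declared above the hunk (not visible here) keep their current byte-packed layout, so a later edit or packing change could silently reintroduce the overrun. A compile-time check right after the typedef, `C_ASSERT(sizeof(READ_CAPACITY16_DATA) == 32);`, would turn that regression into a build failure. The `#else` branch also keeps the 33-byte layout that the commit message calls wrong, so builds of this header without `__REACTOS__` presumably remain affected. The code that fills this structure for SCSIOP_SERVICE_ACTION16 is outside this diff; it is worth confirming that it compares the caller's transfer length with `sizeof(READ_CAPACITY16_DATA)` before writing, rather than relying on the struct definition alone.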