Author: cfinck Date: Tue Jul 21 10:46:29 2015 New Revision: 68510
URL: http://svn.reactos.org/svn/reactos?rev=68510&view=rev Log: [LOCALMON, LOCALSPL] Fix a nasty stack corruption due to a *ppwsz[cch] vs. (*ppwsz)[cch] case. But actually, we don't even need this line for null-terminating the string at all, because we operate on zero-initialized buffers. Remove it in another location as well.
Modified: branches/colins-printing-for-freedom/reactos/win32ss/printing/monitors/localmon/tools.c branches/colins-printing-for-freedom/reactos/win32ss/printing/providers/localspl/printers.c
Modified: branches/colins-printing-for-freedom/reactos/win32ss/printing/monitors/localmon/tools.c URL: http://svn.reactos.org/svn/reactos/branches/colins-printing-for-freedom/reac... ============================================================================== --- branches/colins-printing-for-freedom/reactos/win32ss/printing/monitors/localmon/tools.c [iso-8859-1] (original) +++ branches/colins-printing-for-freedom/reactos/win32ss/printing/monitors/localmon/tools.c [iso-8859-1] Tue Jul 21 10:46:29 2015 @@ -141,25 +141,26 @@ DWORD GetPortNameWithoutColon(PCWSTR pwszPortName, PWSTR* ppwszPortNameWithoutColon) { - DWORD cchPortName; + DWORD cchPortNameWithoutColon;
// Compute the string length of pwszPortNameWithoutColon. - cchPortName = wcslen(pwszPortName) - 1; + cchPortNameWithoutColon = wcslen(pwszPortName) - 1;
// Check if pwszPortName really has a colon as the last character. - if (pwszPortName[cchPortName] != L':') + if (pwszPortName[cchPortNameWithoutColon] != L':') return ERROR_INVALID_PARAMETER;
- // It has, so allocate a buffer and copy the port name without colon into it. - *ppwszPortNameWithoutColon = DllAllocSplMem((cchPortName + 1) * sizeof(WCHAR)); + // Allocate the output buffer. + *ppwszPortNameWithoutColon = DllAllocSplMem((cchPortNameWithoutColon + 1) * sizeof(WCHAR)); if (!*ppwszPortNameWithoutColon) { ERR("DllAllocSplMem failed with error %lu!\n", GetLastError()); return ERROR_NOT_ENOUGH_MEMORY; }
- CopyMemory(*ppwszPortNameWithoutColon, pwszPortName, cchPortName * sizeof(WCHAR)); - *ppwszPortNameWithoutColon[cchPortName] = 0; + // Copy the port name without colon into the buffer. + // The buffer is already zero-initialized, so no additional null-termination is necessary. + CopyMemory(*ppwszPortNameWithoutColon, pwszPortName, cchPortNameWithoutColon * sizeof(WCHAR));
return ERROR_SUCCESS; }
Modified: branches/colins-printing-for-freedom/reactos/win32ss/printing/providers/localspl/printers.c URL: http://svn.reactos.org/svn/reactos/branches/colins-printing-for-freedom/reac... ============================================================================== --- branches/colins-printing-for-freedom/reactos/win32ss/printing/providers/localspl/printers.c [iso-8859-1] (original) +++ branches/colins-printing-for-freedom/reactos/win32ss/printing/providers/localspl/printers.c [iso-8859-1] Tue Jul 21 10:46:29 2015 @@ -579,9 +579,9 @@ if (cchFirstParameter) { // Yes, extract it. + // No null-termination is necessary here, because DllAllocSplMem returns a zero-initialized buffer. pwszFirstParameter = DllAllocSplMem((cchFirstParameter + 1) * sizeof(WCHAR)); CopyMemory(pwszFirstParameter, lpPrinterName, cchFirstParameter * sizeof(WCHAR)); - pwszFirstParameter[cchFirstParameter] = 0; }
// Do we have a second parameter?