Closed Bug 257627 Opened 20 years ago Closed 20 years ago

GetPrintDriverSize () returns pointer to stack variable and causes Laserjet trap

Categories

(Core Graveyard :: GFX: OS/2, defect)

x86
OS/2
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: jonitis, Assigned: mkaply)

Details

(Keywords: fixed-aviary1.0, fixed1.7.5)

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7) Gecko/20040614 Firefox/0.9
Build Identifier: 

nsDeviceContextSpecOS2::PrnDlg.GetPrintDriverSize returns a pointer to an automatic
stack variable, which is already undefined after return. That garbage is passed
to GreEscape, which causes the LaserJet driver to crash.

Reproducible: Always
Steps to Reproduce:
Open printer properties dialog
Actual Results:  
Debug version of Laserjet traps, because instead of buffer size it receives some
random garbage.

Expected Results:  
No traps.

The patch changes GetPrintDriverSize () to return a ULONG. The caller assigns
the result to a local variable and passes the address of this variable to
GreEscape ().
Attached patch: diff -d -u -8
OS: other → OS/2
Attachment #157601 - Flags: review?(mkaply)
Comment on attachment 157601 [details] [diff] [review]
diff -d -u -8

Wow. This might be a source of some of our other random traps too. 

Nice find.
Attachment #157601 - Flags: superreview+
Attachment #157601 - Flags: review?(mkaply)
Attachment #157601 - Flags: review+
Attachment #157601 - Flags: approval1.7.x+
Attachment #157601 - Flags: approval-aviary+
Fixed in all.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Product: Core → Core Graveyard
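
The defect and fix described in this report, as an added C example (not the attached patch and not Mozilla or OS/2 code). Every function name, the 512-byte length and the 4096-byte limit are hypothetical stand-ins; `driver_escape` only models a callee that receives the buffer size by pointer, as the report says GreEscape does.

```c
/* Added example; every name here is a hypothetical stand-in. */
#include <stdio.h>
#include <string.h>
typedef unsigned long ULONG;
#define DRIVER_DATA_MAX 4096UL   /* constructed limit for the stand-in driver */

/* Constructed stand-in for the driver data length a print queue reports. */
static ULONG queue_driver_data_len(void) { return 512UL; }

#ifdef SHOW_BUG
/* Before: the address of an automatic variable outlives its frame, so the
   callee later reads whatever reused that stack slot. Build with -DSHOW_BUG:
   GCC reports -Wreturn-local-addr, Clang reports -Wreturn-stack-address. */
static ULONG *get_print_driver_size_buggy(void)
{
    ULONG size = queue_driver_data_len();
    return &size;
}
#endif

/* After: return the value; the caller owns the storage. */
static ULONG get_print_driver_size(void)
{
    return queue_driver_data_len();
}

/* Stand-in for an escape call that receives the buffer size by pointer.
   Returns 0 on success, -1 when the size is implausible. */
static int driver_escape(const ULONG *pcb, unsigned char *buf, ULONG buf_cap)
{
    if (pcb == NULL || *pcb == 0 || *pcb > buf_cap)
        return -1;
    memset(buf, 0, *pcb);
    return 0;
}

/* Caller pattern from the fix: copy to a local, pass the local's address. */
static int open_printer_properties(void)
{
    unsigned char buf[DRIVER_DATA_MAX];
    ULONG cb = get_print_driver_size();   /* valid for this whole frame */
    return driver_escape(&cb, buf, sizeof buf);
}

int main(void)
{
    printf("escape rc = %d\n", open_printer_properties());
    return 0;
}
```

Treating the return-local-address warnings as errors in the build catches this class of bug before it reaches a driver.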