From: Colin Finck
Date: Tue, 21 Jul 2015 10:46:29 +0000 (+0000)
Subject: [LOCALMON, LOCALSPL]
X-Git-Tag: backups/colins-printing-for-freedom@73041~11
X-Git-Url: https://git.reactos.org/?p=reactos.git;a=commitdiff_plain;h=09db4c602e292bcb3a2433c35001de259541c337
[LOCALMON, LOCALSPL] Fix a nasty stack corruption due to a *ppwsz[cch] vs. (*ppwsz)[cch] case. But actually, we don't even need this line for null-terminating the string at all, because we operate on zero-initialized buffers. Remove it in another location as well.
svn path=/branches/colins-printing-for-freedom/; revision=68510
---
diff --git a/reactos/win32ss/printing/monitors/localmon/tools.c b/reactos/win32ss/printing/monitors/localmon/tools.c
index 3101b898d27..61e047c7aa6 100644
--- a/reactos/win32ss/printing/monitors/localmon/tools.c
+++ b/reactos/win32ss/printing/monitors/localmon/tools.c
@@ -141,25 +141,26 @@ Cleanup:
 DWORD GetPortNameWithoutColon(PCWSTR pwszPortName, PWSTR* ppwszPortNameWithoutColon)
 {
- DWORD cchPortName;
+ DWORD cchPortNameWithoutColon;
 // Compute the string length of pwszPortNameWithoutColon.
- cchPortName = wcslen(pwszPortName) - 1;
+ cchPortNameWithoutColon = wcslen(pwszPortName) - 1;
 // Check if pwszPortName really has a colon as the last character.
- if (pwszPortName[cchPortName] != L':')
+ if (pwszPortName[cchPortNameWithoutColon] != L':')
 return ERROR_INVALID_PARAMETER;
- // It has, so allocate a buffer and copy the port name without colon into it.
- *ppwszPortNameWithoutColon = DllAllocSplMem((cchPortName + 1) * sizeof(WCHAR));
+ // Allocate the output buffer.
+ *ppwszPortNameWithoutColon = DllAllocSplMem((cchPortNameWithoutColon + 1) * sizeof(WCHAR));
 if (!*ppwszPortNameWithoutColon)
 {
 ERR("DllAllocSplMem failed with error %lu!\n", GetLastError());
 return ERROR_NOT_ENOUGH_MEMORY;
 }
- CopyMemory(*ppwszPortNameWithoutColon, pwszPortName, cchPortName * sizeof(WCHAR));
- *ppwszPortNameWithoutColon[cchPortName] = 0;
+ // Copy the port name without colon into the buffer.
+ // The buffer is already zero-initialized, so no additional null-termination is necessary.
+ CopyMemory(*ppwszPortNameWithoutColon, pwszPortName, cchPortNameWithoutColon * sizeof(WCHAR));
 return ERROR_SUCCESS;
 }
diff --git a/reactos/win32ss/printing/providers/localspl/printers.c b/reactos/win32ss/printing/providers/localspl/printers.c
index eb27bc88419..48540b13fc0 100644
--- a/reactos/win32ss/printing/providers/localspl/printers.c
+++ b/reactos/win32ss/printing/providers/localspl/printers.c
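Review bot: `cchPortNameWithoutColon = wcslen(pwszPortName) - 1;` wraps around when pwszPortName is an empty string, because the result is stored in a DWORD, so the colon check that follows indexes far outside the string before anything has been validated. Whether any caller can pass an empty name is not visible here, but this function is the validation point and should reject that case itself: keep the wcslen result in a local (say `cch`) and test `if (cch == 0 || pwszPortName[cch - 1] != L':') return ERROR_INVALID_PARAMETER;` before subtracting. The new comment also makes termination depend on DllAllocSplMem zero-filling its buffers, which is worth stating in the function's header comment so a later allocator change does not silently drop the terminator.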
@@ -579,9 +579,9 @@ LocalOpenPrinter(PWSTR lpPrinterName, HANDLE* phPrinter, PPRINTER_DEFAULTSW pDef
 if (cchFirstParameter)
 {
 // Yes, extract it.
+ // No null-termination is necessary here, because DllAllocSplMem returns a zero-initialized buffer.
 pwszFirstParameter = DllAllocSplMem((cchFirstParameter + 1) * sizeof(WCHAR));
 CopyMemory(pwszFirstParameter, lpPrinterName, cchFirstParameter * sizeof(WCHAR));
- pwszFirstParameter[cchFirstParameter] = 0;
 }
 // Do we have a second parameter?
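Review bot: The result of `DllAllocSplMem` is handed straight to `CopyMemory` with no NULL check, so an allocation failure becomes a write through a null pointer; the localmon hunk in this same commit checks the same call and returns ERROR_NOT_ENOUGH_MEMORY. Add the equivalent `if (!pwszFirstParameter)` test between the two lines and leave through this function's existing failure path. LocalOpenPrinter begins and ends outside the hunk, so the exact cleanup convention is not visible here. Since cchFirstParameter sizes both the allocation and the copy, it is also worth confirming where it is computed that it cannot exceed the length of lpPrinterName.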