Added more checks for buffer size to crash safely in case of incorrect driver behavior.

printing/backend/win_helper.cc

Index: printing/backend/win_helper.cc
diff --git a/printing/backend/win_helper.cc b/printing/backend/win_helper.cc
index a16228b703da699259bc962c1069665487632c6c..3405114029482dd1ed3e55c4637eb3327be815f1 100644
--- a/printing/backend/win_helper.cc
+++ b/printing/backend/win_helper.cc
@@ -469,16 +469,16 @@ scoped_ptr<DEVMODE[]> CreateDevModeWithColor(HANDLE printer,
 
 PRINTING_EXPORT scoped_ptr<DEVMODE[]> CreateDevMode(HANDLE printer,
                                                     DEVMODE* in) {
-  DWORD flags = in ? (DM_IN_BUFFER) : 0;
-  LONG buffer_size = DocumentProperties(NULL, printer, L"", NULL, in, flags);
+  LONG buffer_size = DocumentProperties(NULL, printer, L"", NULL, NULL, 0);
   if (buffer_size <= 0)
     return scoped_ptr<DEVMODE[]>();
+  CHECK_GE(buffer_size, static_cast<int>(sizeof(DEVMODE)));
   scoped_ptr<DEVMODE[]> out(
       reinterpret_cast<DEVMODE*>(new uint8[buffer_size]));
-  flags |= DM_OUT_BUFFER;
+  DWORD flags = (in ? (DM_IN_BUFFER) : 0) | DM_OUT_BUFFER;
   if (DocumentProperties(NULL, printer, L"", out.get(), in, flags) != IDOK)
     return scoped_ptr<DEVMODE[]>();
-  DCHECK_EQ(buffer_size, out.get()->dmSize + out.get()->dmDriverExtra);
+  CHECK_GE(buffer_size, out.get()->dmSize + out.get()->dmDriverExtra);
   return out.Pass();
 }