
Side by Side Diff: printing/backend/win_helper.cc

Issue 644463002: Zeroes buffer for DocumentProperti (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 2 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "printing/backend/win_helper.h" 5 #include "printing/backend/win_helper.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 8
9 #include "base/file_version_info.h" 9 #include "base/file_version_info.h"
10 #include "base/files/file_path.h" 10 #include "base/files/file_path.h"
(...skipping 460 matching lines...) Expand 10 before | Expand all | Expand 10 after
471 } 471 }
472 472
473 scoped_ptr<DEVMODE, base::FreeDeleter> CreateDevMode(HANDLE printer, 473 scoped_ptr<DEVMODE, base::FreeDeleter> CreateDevMode(HANDLE printer,
474 DEVMODE* in) { 474 DEVMODE* in) {
475 LONG buffer_size = DocumentProperties( 475 LONG buffer_size = DocumentProperties(
476 NULL, printer, const_cast<wchar_t*>(L""), NULL, NULL, 0); 476 NULL, printer, const_cast<wchar_t*>(L""), NULL, NULL, 0);
477 if (buffer_size < static_cast<int>(sizeof(DEVMODE))) 477 if (buffer_size < static_cast<int>(sizeof(DEVMODE)))
478 return scoped_ptr<DEVMODE, base::FreeDeleter>(); 478 return scoped_ptr<DEVMODE, base::FreeDeleter>();
479 scoped_ptr<DEVMODE, base::FreeDeleter> out( 479 scoped_ptr<DEVMODE, base::FreeDeleter> out(
480 reinterpret_cast<DEVMODE*>(malloc(buffer_size))); 480 reinterpret_cast<DEVMODE*>(malloc(buffer_size)));
481 memset(out.get(), 0, buffer_size);
Lei Zhang 2014/10/08 20:11:34 Just calloc() instead?
Vitaly Buka (NO REVIEWS) 2014/10/08 20:18:15 Done.
481 DWORD flags = (in ? (DM_IN_BUFFER) : 0) | DM_OUT_BUFFER; 482 DWORD flags = (in ? (DM_IN_BUFFER) : 0) | DM_OUT_BUFFER;
482 if (DocumentProperties( 483 if (DocumentProperties(
483 NULL, printer, const_cast<wchar_t*>(L""), out.get(), in, flags) != 484 NULL, printer, const_cast<wchar_t*>(L""), out.get(), in, flags) !=
484 IDOK) { 485 IDOK) {
485 return scoped_ptr<DEVMODE, base::FreeDeleter>(); 486 return scoped_ptr<DEVMODE, base::FreeDeleter>();
486 } 487 }
487 CHECK_GE(buffer_size, out.get()->dmSize + out.get()->dmDriverExtra); 488 WORD size = out->dmSize;
489 WORD extra_size = out->dmDriverExtra;
490 CHECK_GE(buffer_size, size + extra_size);
Lei Zhang 2014/10/08 20:11:34 Do we care if size + extra_size overflows?
Vitaly Buka (NO REVIEWS) 2014/10/08 20:18:15 Done.
Lei Zhang 2014/10/08 20:24:15 I just checked and a WORD is only 16-bit. There's
Vitaly Buka (NO REVIEWS) 2014/10/08 20:32:55 C++ does WORD+WORD->WORD, so old version indeed ha
488 return out.Pass(); 491 return out.Pass();
489 } 492 }
490 493
491 scoped_ptr<DEVMODE, base::FreeDeleter> PromptDevMode( 494 scoped_ptr<DEVMODE, base::FreeDeleter> PromptDevMode(
492 HANDLE printer, 495 HANDLE printer,
493 const base::string16& printer_name, 496 const base::string16& printer_name,
494 DEVMODE* in, 497 DEVMODE* in,
495 HWND window, 498 HWND window,
496 bool* canceled) { 499 bool* canceled) {
497 LONG buffer_size = 500 LONG buffer_size =
498 DocumentProperties(window, 501 DocumentProperties(window,
499 printer, 502 printer,
500 const_cast<wchar_t*>(printer_name.c_str()), 503 const_cast<wchar_t*>(printer_name.c_str()),
501 NULL, 504 NULL,
502 NULL, 505 NULL,
503 0); 506 0);
504 if (buffer_size < static_cast<int>(sizeof(DEVMODE))) 507 if (buffer_size < static_cast<int>(sizeof(DEVMODE)))
505 return scoped_ptr<DEVMODE, base::FreeDeleter>(); 508 return scoped_ptr<DEVMODE, base::FreeDeleter>();
506 scoped_ptr<DEVMODE, base::FreeDeleter> out( 509 scoped_ptr<DEVMODE, base::FreeDeleter> out(
507 reinterpret_cast<DEVMODE*>(malloc(buffer_size))); 510 reinterpret_cast<DEVMODE*>(malloc(buffer_size)));
511 memset(out.get(), 0, buffer_size);
508 DWORD flags = (in ? (DM_IN_BUFFER) : 0) | DM_OUT_BUFFER | DM_IN_PROMPT; 512 DWORD flags = (in ? (DM_IN_BUFFER) : 0) | DM_OUT_BUFFER | DM_IN_PROMPT;
509 LONG result = DocumentProperties(window, 513 LONG result = DocumentProperties(window,
510 printer, 514 printer,
511 const_cast<wchar_t*>(printer_name.c_str()), 515 const_cast<wchar_t*>(printer_name.c_str()),
512 out.get(), 516 out.get(),
513 in, 517 in,
514 flags); 518 flags);
515 if (canceled) 519 if (canceled)
516 *canceled = (result == IDCANCEL); 520 *canceled = (result == IDCANCEL);
517 if (result != IDOK) 521 if (result != IDOK)
518 return scoped_ptr<DEVMODE, base::FreeDeleter>(); 522 return scoped_ptr<DEVMODE, base::FreeDeleter>();
519 CHECK_GE(buffer_size, out.get()->dmSize + out.get()->dmDriverExtra); 523 WORD size = out->dmSize;
524 WORD extra_size = out->dmDriverExtra;
525 CHECK_GE(buffer_size, size + extra_size);
520 return out.Pass(); 526 return out.Pass();
521 } 527 }
522 528
523 } // namespace printing 529 } // namespace printing
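Review bot: The added `memset(out.get(), 0, buffer_size)` in CreateDevMode (new line 481) and in PromptDevMode (new line 511) writes through the result of `malloc` without checking it for null. `buffer_size` is returned by the first `DocumentProperties` call, so it is presumably chosen by the printer driver, and only its lower bound is checked. An unusually large value makes allocation failure more likely, unless the build's allocator already terminates on out-of-memory, which this page does not show. Returning the empty pointer that the other failure paths already use would keep the behaviour consistent: `if (!out.get()) return scoped_ptr<DEVMODE, base::FreeDeleter>();` placed directly after the allocation in both functions.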