nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity

Bug 553586: Heap corruption in Windows ShowNativePrintDialog. r=vlad

Browse source
This commit is contained in:
Jacek Caban 2010-04-03 07:35:27 -04:00
parent 431e038108
commit 43af34b1a0
1 changed files with 5 additions and 9 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

14
embedding/components/printingui/src/win/nsPrintDialogUtil.cpp
View file

@ -205,7 +205,6 @@ MapPaperSizeToNativeEnum(LPDEVMODEW aDevMode,
#endif #endif
const double kThreshold = 0.05; const double kThreshold = 0.05;
PRBool foundEnum = PR_FALSE;
for (PRInt32 i=0;i<kNumPaperSizes;i++) { for (PRInt32 i=0;i<kNumPaperSizes;i++) {
double width = kPaperSizes[i].mWidth; double width = kPaperSizes[i].mWidth;
double height = kPaperSizes[i].mHeight; double height = kPaperSizes[i].mHeight;
@ -456,7 +455,7 @@ static void SetRadioOfGroup(HWND aDlg, int aRadId)
//-------------------------------------------------------- //--------------------------------------------------------
typedef struct { typedef struct {
char * mKeyStr; const char * mKeyStr;
long mKeyId; long mKeyId;
} PropKeyInfo; } PropKeyInfo;
@ -754,7 +753,6 @@ static HGLOBAL CreateGlobalDevModeAndInit(LPCWSTR aPrintName, nsIPrintSettings*
{ {
HGLOBAL hGlobalDevMode = NULL; HGLOBAL hGlobalDevMode = NULL;
nsresult rv = NS_ERROR_FAILURE;
HANDLE hPrinter = NULL; HANDLE hPrinter = NULL;
// const cast kludge for silly Win32 api's // const cast kludge for silly Win32 api's
LPWSTR printName = const_cast<wchar_t*>(aPrintName); LPWSTR printName = const_cast<wchar_t*>(aPrintName);
@ -863,7 +861,6 @@ ShowNativePrintDialog(HWND aHWnd,
//NS_ENSURE_ARG_POINTER(aHWnd); //NS_ENSURE_ARG_POINTER(aHWnd);
NS_ENSURE_ARG_POINTER(aPrintSettings); NS_ENSURE_ARG_POINTER(aPrintSettings);
nsresult rv = NS_ERROR_FAILURE;
gDialogWasExtended = PR_FALSE; gDialogWasExtended = PR_FALSE;
HGLOBAL hGlobalDevMode = NULL; HGLOBAL hGlobalDevMode = NULL;
@ -895,13 +892,12 @@ ShowNativePrintDialog(HWND aHWnd,
hDevNames = (HGLOBAL)::GlobalAlloc(GHND, sizeof(wchar_t) * (len + 1) + hDevNames = (HGLOBAL)::GlobalAlloc(GHND, sizeof(wchar_t) * (len + 1) +
sizeof(DEVNAMES)); sizeof(DEVNAMES));
DEVNAMES* pDevNames = (DEVNAMES*)::GlobalLock(hDevNames); DEVNAMES* pDevNames = (DEVNAMES*)::GlobalLock(hDevNames);
pDevNames->wDriverOffset = sizeof(DEVNAMES); pDevNames->wDriverOffset = sizeof(DEVNAMES)/sizeof(wchar_t);
pDevNames->wDeviceOffset = sizeof(DEVNAMES); pDevNames->wDeviceOffset = sizeof(DEVNAMES)/sizeof(wchar_t);
pDevNames->wOutputOffset = sizeof(DEVNAMES)+len+1; pDevNames->wOutputOffset = sizeof(DEVNAMES)/sizeof(wchar_t)+len;
pDevNames->wDefault = 0; pDevNames->wDefault = 0;
wchar_t* device = &(((wchar_t*)pDevNames)[pDevNames->wDeviceOffset]); memcpy(pDevNames+1, printerName, (len + 1) * sizeof(wchar_t));
wcscpy(device, printerName);
::GlobalUnlock(hDevNames); ::GlobalUnlock(hDevNames);
// Create a Moveable Memory Object that holds a new DevMode // Create a Moveable Memory Object that holds a new DevMode