Bugs inside SERIALUSBFN & COM MDD (?)

  • Question

  • Hello, I want to point out some issues which I found inside the SerialUSBFN and COM MDD drivers of Windows CE. (Seems to apply to CE50 - CE70.)


    In file located:


    inside function:

    void USBSerialFn::XmitInterruptHandler(PUCHAR pTxBuffer, ULONG *pBuffLen) 


    if ((m_DCB.fOutxCtsFlow && IsCTSOff()) ||(m_DCB.fOutxDsrFlow && IsDSROff())) { // We are in flow off 

    This code uses random values for fOutxCtsFlow and fOutxDsrFlow if _NO_ SetCommState() is called after CreateFile().


    Only a few fields of m_DCB are initialized inside void CSerialPDD::SetDefaultConfiguration(); the other fields get random values, because memory allocated via operator new() is not zero-initialized!


    Inside COM_Open of the Serial MDD, the function ApplyDCB is called with default values, but CSerialPDD::SetDCB fails in the IsOpen() check, because no instances of the driver are opened yet.

    It happens because HWOpen() follows after ApplyDCB inside COM_Open.


    This is not a very important issue, but it still causes undefined behaviour if SetCommState is not called after CreateFile.


    Sunday, June 12, 2011 2:46 PM
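
The interaction described in the post, as an added example that is not part of the original post or the Windows CE source: a simplified model in which `ModelPdd`, `Dcb`, `TxBlocked` and `OpenAndCheckTxBlocked` are hypothetical names, and the 0xFF fill stands in for non-zeroed heap memory. It shows that either zero-initializing the DCB or applying the defaults after `HWOpen()` removes the stale flow-control flags.

```cpp
// Added illustration: a simplified model, not the Windows CE driver source.
#include <cstring>

struct Dcb {                          // subset of the DCB fields named in the post
    unsigned long BaudRate;
    unsigned fOutxCtsFlow : 1;
    unsigned fOutxDsrFlow : 1;
};

class ModelPdd {                      // hypothetical stand-in for the PDD object
public:
    explicit ModelPdd(bool zeroInit) {
        // 0xFF simulates the leftover bytes a non-zeroing operator new can return.
        std::memset(&m_DCB, zeroInit ? 0x00 : 0xFF, sizeof m_DCB);
        m_DCB.BaudRate = 9600;        // only a few fields receive defaults
    }
    bool SetDCB(const Dcb& d) {
        if (!m_open) return false;    // models the IsOpen() check that rejects the call
        m_DCB = d;
        return true;
    }
    void HWOpen() { m_open = true; }
    // Same condition as the transmit handler: hold off when a flow flag is set
    // and the corresponding modem line is off.
    bool TxBlocked(bool ctsOff, bool dsrOff) const {
        return (m_DCB.fOutxCtsFlow && ctsOff) || (m_DCB.fOutxDsrFlow && dsrOff);
    }
private:
    Dcb m_DCB;
    bool m_open = false;
};

// Models the open path; applyFirst=true is the ordering described in the post.
bool OpenAndCheckTxBlocked(bool zeroInit, bool applyFirst) {
    Dcb defaults{};                   // value-initialized: flow-control flags off
    defaults.BaudRate = 9600;
    ModelPdd pdd(zeroInit);
    if (applyFirst) { pdd.SetDCB(defaults); pdd.HWOpen(); }   // SetDCB is rejected
    else            { pdd.HWOpen(); pdd.SetDCB(defaults); }   // SetDCB succeeds
    return pdd.TxBlocked(/*ctsOff=*/true, /*dsrOff=*/true);
}

int main() {
    // Non-zero exit if the hardened combination still blocks transmit.
    return OpenAndCheckTxBlocked(true, false) ? 1 : 0;
}
```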