Bugs inside SERIALUSBFN & COM MDD (?)

  • Question

  • Hello, I want to point out some issues which I found inside the SerialUSBFN and COM MDD drivers of Windows CE. (It seems to apply to CE50 - CE70.)

     

    In the file located at:

    %WINCEROOT%\PUBLIC\COMMON\OAK\DRIVERS\USBFN\CLASS\SERIAL\usbfndrv.cpp 

    inside the function:

    void USBSerialFn::XmitInterruptHandler(PUCHAR pTxBuffer, ULONG *pBuffLen) 

    the check:

    if ((m_DCB.fOutxCtsFlow && IsCTSOff()) ||(m_DCB.fOutxDsrFlow && IsDSROff())) { // We are in flow off 

    This code uses random values for fOutxCtsFlow and fOutxDsrFlow if _NO_ SetCommState() is called after CreateFile().

     

    Only a few fields of m_DCB are initialized inside void CSerialPDD::SetDefaultConfiguration(); the other fields get random values, because memory allocated via operator new() is not zero-initialized!

     

    Inside COM_Open of the Serial MDD, the function ApplyDCB is called with default values, but CSerialPDD::SetDCB fails at the IsOpen() check, because no instances of the driver are opened yet.

    This happens because HWOpen() follows ApplyDCB inside COM_Open.

     

    This is not a very important issue, but it still causes undefined behaviour if SetCommState is not called after CreateFile.

     

    Sunday, June 12, 2011 2:46 PM
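
    A reduced model of the sequence reported above, added here as an illustration; it is not part of the original post and not the Windows CE source. ModelDCB, ModelPDD, blocked_after_open and the zeroFirst switch are hypothetical, the 0xFF fill is a constructed stand-in for non-zeroed heap memory, and the MDD defaults are assumed to leave flow control off.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>

// Reduced stand-in for the DCB: only the fields this example needs.
struct ModelDCB {
    uint32_t BaudRate;
    uint32_t fOutxCtsFlow : 1;
    uint32_t fOutxDsrFlow : 1;
    uint32_t fUnused : 30;
    uint8_t  ByteSize;
};

// Hypothetical model of the PDD object, not the Windows CE source.
struct ModelPDD {
    ModelDCB m_DCB;
    bool m_open, m_ctsOff, m_dsrOff;
    // As reported: only some fields are assigned. zeroFirst is the fix.
    void SetDefaultConfiguration(bool zeroFirst) {
        if (zeroFirst) std::memset(&m_DCB, 0, sizeof m_DCB);
        m_DCB.BaudRate = 9600;
        m_DCB.ByteSize = 8;
    }
    // As reported: SetDCB refuses to act while no instance is open.
    bool SetDCB(const ModelDCB &dcb) {
        if (!m_open) return false;
        m_DCB = dcb;
        return true;
    }
    // The flow-off test quoted from XmitInterruptHandler.
    bool TransmitBlocked() const {
        return (m_DCB.fOutxCtsFlow && m_ctsOff) || (m_DCB.fOutxDsrFlow && m_dsrOff);
    }
};

// Runs the open sequence in the reported order on constructed "heap garbage".
bool blocked_after_open(bool zeroFirst, bool *applyOk) {
    ModelPDD pdd;
    std::memset(&pdd, 0xFF, sizeof pdd);   // stands in for non-zeroed operator new
    pdd.m_open = false; pdd.m_ctsOff = true; pdd.m_dsrOff = false;
    pdd.SetDefaultConfiguration(zeroFirst);
    ModelDCB defaults = {};                // assumed MDD defaults: flow control off
    defaults.BaudRate = 9600; defaults.ByteSize = 8;
    *applyOk = pdd.SetDCB(defaults);       // ApplyDCB runs before HWOpen
    pdd.m_open = true;                     // HWOpen
    return pdd.TransmitBlocked();
}

int main() {
    bool ok;
    std::printf("garbage: blocked=%d\n", blocked_after_open(false, &ok));
    std::printf("zeroed:  blocked=%d\n", blocked_after_open(true, &ok));
}
```

    With the garbage fill the transmit path sees CTS flow control enabled although nobody asked for it; zeroing m_DCB before assigning the defaults removes that, even though the early ApplyDCB still fails in both runs.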