BUG: CLIPOBJ_bEnum Can Overwrite End of Buffer

Last reviewed: September 18, 1995
Article ID: Q126417
The information in this article applies to:
  • Microsoft Win32 Device Development Kit (DDK) version 3.5

SYMPTOMS

If the buffer size passed to CLIPOBJ_bEnum is a multiple of 16, the call may write past the end of the buffer, possibly causing heap or stack corruption or returning invalid data.

CAUSE

The internals of the CLIPOBJ may not account for the size of the count member that it must return in the buffer.
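The sizing arithmetic behind this cause, as an added example that is not code from the article or the DDK. RECTL_ and ENUMRECTS_ are stand-ins for the DDK's RECTL and ENUMRECTS, model_enum is a constructed model of the described cause (not the real GDI internals), and buffer sizes are assumed to be multiples of sizeof(ULONG).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-ins for the DDK's RECTL and ENUMRECTS so this builds without winddi.h. */
typedef struct { int32_t left, top, right, bottom; } RECTL_;   /* 16 bytes */
typedef struct { uint32_t c; RECTL_ arcl[1]; } ENUMRECTS_;     /* count, then rects */

#define HDR offsetof(ENUMRECTS_, arcl)   /* 4 bytes taken by the count member */

/* Per the article: sizes that are a multiple of 16 are the ones at risk. */
static int is_risky_size(size_t cj) { return cj % sizeof(RECTL_) == 0; }

/* Size for n rectangles including the count: 4 + 16n, never a multiple of 16. */
static size_t enum_buffer_size(size_t n) { return HDR + n * sizeof(RECTL_); }

/* CONSTRUCTED model of the described cause, not GDI code: the fit check
   ignores the count member, so it stores cj/16 rects after a 4-byte count. */
static void model_enum(unsigned char *buf, size_t cj) {
    uint32_t n = (uint32_t)(cj / sizeof(RECTL_));
    memcpy(buf, &n, sizeof n);
    memset(buf + HDR, 0x11, n * sizeof(RECTL_));
}

/* Detection harness: put a guard pattern behind the cj bytes handed to the
   enumerator and report how many guard bytes were modified. */
#define GUARD 16
static size_t guard_bytes_clobbered(size_t cj) {
    unsigned char arena[256 + GUARD];
    size_t i, hit = 0;
    if (cj > 256) return (size_t)-1;          /* arena too small for this test */
    memset(arena, 0xA5, sizeof arena);
    model_enum(arena, cj);
    for (i = 0; i < GUARD; i++)
        if (arena[cj + i] != 0xA5) hit++;
    return hit;
}
```

In a driver, the same guard check can wrap the real call in debug builds to confirm whether a given buffer size is affected.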

STATUS

Microsoft has confirmed this to be a problem in the Windows NT DDK versions 3.10 and 3.50. We are researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available.



