
#20 RTVJOBSTKE can reference beyond job stack entries

open
nobody
None
5
2007-12-06
2007-12-06
Matt Tyler
No

In Srvpgm JOBTKT, Sub-procedure RTVJOBSTK returns the number of entries, including itself, to the caller. If the caller loops through all the entries on the stack by using the number of entries on the stack, the calls to RTVJOBSTKE can potentially access memory beyond the job stack entry references.

Example.
RTVJOBSTK returns 13 for the count, including itself in the count.

Looping 13 times calling RTVJOBSTKE, it actually starts at entry number 2 and not 1 (RTVJOBSTK), thus the value of ActEnt ends up being 14 on the last call by the caller of RTVJOBSTKE. In some cases the data in that memory space is all X'00', but other times it contains data that makes the statement below invalid.

C CALLP CEETSTA(ArgPas:2:*OMIT) Procedure passed?
C IF ArgPas = 1
C EVAL %LEN(OutPrc) = QWVPL
C CALLP MemCpy(%ADDR(OutPrc)+2 :pStkEnt+QWVPD :QWVPL)
C ENDIF
RTVJOBSTKE needs to know the actual number of entries on the stack returned by RTVJOBSTK regardless of the Ent value passed by the caller of RTVJOBSTKE. Maybe there needs to be a GLOBAL value for this information.

My work around right now was to remove the code to start at entry number 2 (skipping the entry for RTVJOBSTK).
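The off-by-one described in this ticket, modelled in C as an added example (not JOBTKT's own code): the stack, the entry count and the names `rtvjobstk_count`, `rtvjobstke_unchecked` and `rtvjobstke_checked` are constructed stand-ins, with the checked variant showing the bound the reporter asks for.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a job call stack: entry 1 is RTVJOBSTK itself, as the
 * ticket describes, followed by the real caller frames (13 entries total). */
#define STACK_ENTRIES 13
static const char *job_stack[STACK_ENTRIES] = {
    "RTVJOBSTK", "CALLER", "PGM_A", "PGM_B", "PGM_C", "PGM_D", "PGM_E",
    "PGM_F", "PGM_G", "PGM_H", "PGM_I", "PGM_J", "PGM_K"
};

/* Stand-in for RTVJOBSTK: returns the entry count including itself. */
int rtvjobstk_count(void) { return STACK_ENTRIES; }

/* Mirrors the reported behaviour: the entry number requested by the caller
 * is shifted by one to skip RTVJOBSTK's own frame, with no check against
 * the real entry count. Returns the actual entry number it would read. */
int rtvjobstke_unchecked(int ent) { return ent + 1; }

/* Hardened form: the real count is available to the lookup (the "GLOBAL
 * value" the reporter suggests) and the shifted entry number is validated
 * before anything is copied. Returns 0 on success, -1 when out of range. */
int rtvjobstke_checked(int ent, int total, const char **name_out) {
    int act_ent = ent + 1;           /* skip entry 1 (RTVJOBSTK) */
    if (ent < 1 || act_ent > total) {
        *name_out = NULL;            /* refuse instead of reading past the end */
        return -1;
    }
    *name_out = job_stack[act_ent - 1];
    return 0;
}

/* Walks the stack the way the ticket's caller does (one call per counted
 * entry) and reports how many lookups would land beyond the last entry. */
int count_out_of_range(int total) {
    int bad = 0;
    for (int ent = 1; ent <= total; ent++) {
        if (rtvjobstke_unchecked(ent) > total) bad++;
    }
    return bad;
}
```

With 13 entries the unchecked walk makes exactly one out-of-range lookup (ActEnt 14), which the checked variant rejects.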
