It appears to me that the command variable is first
loaded from the registry with unlimited size --
shouldn't it be limited to MAX_PATH? (Against the
unlikely event someone put a really large string into
that registry value, by accident or on purpose, without
your program knowing.)
Also, command is allocated for MAX_PATH*3 + 6, but my
attempt to calculate its max size led me to believe it
should be at least MAX_PATH*3 +7.
Registry value: I assume this is intended to be up to
MAX_PATH (although I wonder if it mightn't be more, if it
is up to MAX_PATH for a program exe path, and then some
_tcscat(command, TEXT(" \""));
_tcsncpy(tmp, _file_name1, MAX_PATH);
_tcscat(command, TEXT("\" \""));
_tcsncpy(tmp, _file_name2, MAX_PATH);
That is +2 +3 +1 = +6 tchars
and you need at least one tchar for the terminating zero
(which _tcscat will put at end)
which would make +7 tchars including trailing zero.
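
The sizing argument above, as an added example that is not part of the original comment or the project's code. It assumes plain char instead of TCHAR, a locally defined MAX_PATH, hypothetical function names, and a closing quote inferred from the "+1" in the comment's count.

```c
#include <stdio.h>
#include <string.h>
#define MAX_PATH 260                       /* Windows value, defined here so this builds anywhere */
#define COMMAND_CAP (MAX_PATH * 3 + 6 + 1) /* 3 parts + 6 separator chars + terminator */

/* Length of s if it is at most max chars, otherwise (size_t)-1. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n <= max && s[n] != '\0') n++;
    return n <= max ? n : (size_t)-1;
}

/* Builds: exe "file1" "file2". Returns chars written (without NUL), or -1. */
int build_command(char *out, size_t cap, const char *exe,
                  const char *file1, const char *file2)
{
    size_t le = bounded_len(exe, MAX_PATH);
    size_t l1 = bounded_len(file1, MAX_PATH);
    size_t l2 = bounded_len(file2, MAX_PATH);
    if (le == (size_t)-1 || l1 == (size_t)-1 || l2 == (size_t)-1)
        return -1;                          /* oversized part, e.g. an overlong registry value */
    if (le + 2 + l1 + 3 + l2 + 1 + 1 > cap) /* +2 +3 +1 separators, +1 NUL */
        return -1;
    char *p = out;
    memcpy(p, exe, le);     p += le;
    memcpy(p, " \"", 2);    p += 2;
    memcpy(p, file1, l1);   p += l1;
    memcpy(p, "\" \"", 3);  p += 3;
    memcpy(p, file2, l2);   p += l2;
    *p++ = '"';
    *p = '\0';
    return (int)(p - out);
}

/* Worst case (all three parts exactly MAX_PATH chars) against a buffer of cap chars. */
int worst_case_result(size_t cap)
{
    char part[MAX_PATH + 1], out[COMMAND_CAP];
    memset(part, 'a', MAX_PATH);            /* constructed sample input */
    part[MAX_PATH] = '\0';
    return cap <= sizeof out ? build_command(out, cap, part, part, part) : -1;
}

int main(void)
{
    printf("cap +6: %d, cap +7: %d\n", worst_case_result(MAX_PATH * 3 + 6), worst_case_result(MAX_PATH * 3 + 7));
    return 0;
}
```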