Yeah, so, Microsoft realized that Windows enjoys the reputation of the software running thereon, and did the smart thing: give everybody static analysis.
It's really eye opening, although it DOES NOT seem to detect the (mistake) of calling PathAppend( pszPath, pszMore ) with a std::string/std::wstring as pszPath. That's a CERTAIN buffer overflow.
Indeed, I'm also doing a major refactor of Parameters.cpp/Parameters.h, and have seen about a million of those mistakes.
Here it is.
Is "Static Analysis" available for every flavor of Visual Studio i.e. Express, Professional etc.?
Short answer: Yes.
Give me a few minutes while I tear my hair out, run around screaming, scare small children, kill puppies, and generally exude misery.
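An added illustration of the PathAppend mistake discussed in this thread (not code from any poster or from the project): PathAppend writes into pszPath and expects a buffer of MAX_PATH characters, so the wrapper below hands it one and copies the result back into the std::wstring. The name append_path is hypothetical, and the non-Windows branch is a constructed stand-in so the snippet builds anywhere.

```cpp
#include <array>
#include <cstddef>
#include <cwchar>
#include <string>

#ifdef _WIN32
#include <windows.h>
#include <shlwapi.h>
#pragma comment(lib, "shlwapi.lib")
#else
// Constructed stand-in so the example builds off Windows: same buffer contract
// as PathAppendW (caller supplies MAX_PATH wchar_t), simplified join logic.
constexpr std::size_t MAX_PATH = 260;
static int PathAppendW(wchar_t* path, const wchar_t* more) {
    std::size_t n = std::wcslen(path);
    while (*more == L'\\') ++more;                    // drop leading separators
    const bool sep = n > 0 && path[n - 1] != L'\\';
    if (n + (sep ? 1 : 0) + std::wcslen(more) >= MAX_PATH) return 0;
    if (sep) path[n++] = L'\\';
    std::wcscpy(path + n, more);
    return 1;
}
#endif

// The mistake from the thread, for contrast (not compiled):
//   std::wstring p = L"C:\\Users";
//   PathAppendW(&p[0], L"file.txt");  // p guarantees only size()+1 wchar_t,
//                                     // the API assumes MAX_PATH of them
//
// append_path (hypothetical name) keeps std::wstring at the call site but
// gives the API a full-size scratch buffer. Returns false and leaves `path`
// untouched when an input or the joined result does not fit in MAX_PATH.
bool append_path(std::wstring& path, const std::wstring& more) {
    if (path.size() >= MAX_PATH || more.size() >= MAX_PATH) return false;
    std::array<wchar_t, MAX_PATH> buf{};              // zero-filled, full size
    std::wmemcpy(buf.data(), path.c_str(), path.size() + 1);
    if (!PathAppendW(buf.data(), more.c_str())) return false;
    path.assign(buf.data());
    return true;
}
```

On Windows 8 and later, PathCchAppend takes the buffer size as an explicit argument and is the usual replacement when the call sites can be changed.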