6 Sep 2018, 3:05 p.m.
On Thu, Sep 6, 2018 at 5:51 PM, Huw Davies <huw(a)codeweavers.com> wrote:
> What does Windows do if it's passed %12s for example?
> Huw.
On Windows XP it works fine (Internet Explorer uses it) and shows what you'd expect from %12s. It's mostly for user interaction anyway, so I think Microsoft have some leeway in changing it in each version. That being said, I honestly don't think that copying security vulnerabilities from Windows is a good idea, even if it's technically "correct". It's not a good idea to crash on such invalid input in my opinion, even if an (unpatched?) Windows version does, especially since said input is external to the application.