I remember being concerned that StgConvertPropertyToVariant does not accept a size for the serialized value. This is not good when we don't trust the data we're reading.
So, at least for deserialization I don't think we should use the public API.
Yes, I agree, it would be nice to have a buffer length. Maybe the idea is to check some kind of header first; it could be that the first DWORD is actually the stream length. If that's the case, it's not that bad.
Sadly, no, the size and how/if it's encoded depend on the type, which is the first thing in the structure.
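To illustrate the point made in the thread, here is an added example (not code from the thread or from any project discussed in it) of a length-checked size calculation for a serialized property value, where the caller supplies the buffer length and the size rule is chosen by the leading type field. The helper name `checked_prop_size`, the `X_VT_*` names and the handful of types covered are assumptions for illustration; the layout assumed is a 2-byte type, 2 bytes of padding, then a type-dependent value padded to 4 bytes.

```c
#include <stddef.h>
#include <stdint.h>

/* VARTYPE numbers as defined in the Windows headers; X_ prefix avoids clashes. */
enum { X_VT_I2 = 2, X_VT_I4 = 3, X_VT_I8 = 20, X_VT_LPSTR = 30, X_VT_LPWSTR = 31 };

static uint32_t rd32(const uint8_t *p)   /* little-endian DWORD */
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper: 0 on success with *used = bytes occupied by the value,
 * -1 if the value is truncated, its length field lies, or the type is unknown. */
int checked_prop_size(const uint8_t *buf, size_t len, size_t *used)
{
    size_t avail, need;
    uint32_t count;
    unsigned type;

    if (len < 4) return -1;              /* 2-byte type + 2 bytes padding */
    type = buf[0] | (unsigned)buf[1] << 8;
    avail = len - 4;

    switch (type) {
    case X_VT_I2:                        /* 2 bytes of data + 2 of padding */
    case X_VT_I4: need = 4; break;
    case X_VT_I8: need = 8; break;
    case X_VT_LPSTR:                     /* DWORD byte count, then bytes */
    case X_VT_LPWSTR:                    /* DWORD char count, then UTF-16 */
        if (avail < 4) return -1;
        count = rd32(buf + 4);
        if (type == X_VT_LPWSTR) {
            if (count > (avail - 4) / 2) return -1;   /* no multiply overflow */
            need = 4 + (size_t)count * 2;
        } else {
            if (count > avail - 4) return -1;
            need = 4 + (size_t)count;
        }
        if (need > SIZE_MAX - 3) return -1;
        need = (need + 3) & ~(size_t)3;  /* values are padded to 4 bytes */
        break;
    default:
        return -1;                       /* never guess at an unknown layout */
    }
    if (need > avail) return -1;
    *used = 4 + need;
    return 0;
}
```

A deserializer would call this before touching the value bytes and refuse the input on `-1`, so that a length field inside the data can never move a read past the end of the buffer.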