16 Jul
2015
16 Jul
'15
6:49 p.m.
On 16.07.2015 21:23, Vincent Povirk wrote:
* The only interface to property (de)serialization provided by ole32.dll, the StgConvertVariantToProperty()/ StgConvertPropertyToVariant() functions, are poorly documented, hard to implement (HRESULTs need to be converted to NTSTATUS exceptions) and even more unpleasant to use (because one would need to catch the NTSTATUS exception and convert it back to a HRESULT). This is rather crazy and cumbersome.I remember being concerned that StgConvertPropertyToVariant does not accept a size for the serialized value. This is not good when we don't trust the data we're reading.
So, at least for deserialization I don't think we should use the public API.
Yes, I agree, it would be nice to have buffer length. Maybe the idea is to check some kind of a header first, could be that first DWORD is actually stream length, if that's the case it's not that bad.