I'm not a Registry guru by all means :-), but IMO the real bugs are at lines 701: new_key_name = _strdupnA(key_name,strlen(key_name)+dkh->keynamelen+1); and 1011: new_key_name = _strdupnA(key_name,strlen(key_name)+nk->name_len+1);
Not really as the code does this :
/* create new subkey name */
new_key_name = _strdupnA(key_name,strlen(key_name)+dkh->keynamelen+1);
if (strcmp(new_key_name,"") != 0) strcat(new_key_name,"\\");
strncat(new_key_name,dkh->name,dkh->keynamelen);

So basically it does 'duplicate my string but add XXX bytes to it as I want to strcat to it a new string of len XXX'.
Lionel
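The same "duplicate the parent name with enough slack for a separator and the child name" accounting, written out as an added stand-alone example (this is not the Wine registry code under discussion; subkey_name_size and subkey_name are my own helpers, and the sample hive name is constructed):

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes needed for key_name, an optional "\" separator, name_len bytes of
 * the child name (which need not be NUL terminated) and the terminating NUL.
 * This is the thread's strlen(key_name) + name_len + 1, with the NUL
 * counted explicitly instead of inside the duplicating helper. */
size_t subkey_name_size(const char *key_name, size_t name_len)
{
    size_t len = strlen(key_name);
    size_t sep = (len != 0) ? 1 : 0;   /* no leading "\" for an empty parent */
    return len + sep + name_len + 1;
}

/* Build "key_name\name" in a freshly allocated buffer; the caller frees it.
 * Exactly name_len bytes of name are copied, so a name stored in the hive
 * without a terminator is never read past its end. */
char *subkey_name(const char *key_name, const char *name, size_t name_len)
{
    size_t len = strlen(key_name);
    char *out = malloc(subkey_name_size(key_name, name_len));
    if (!out) return NULL;
    memcpy(out, key_name, len);
    if (len != 0) out[len++] = '\\';
    memcpy(out + len, name, name_len);
    out[len + name_len] = '\0';
    return out;
}

int main(void)
{
    /* constructed sample: a hive name stored without a NUL terminator */
    const char hive_name[4] = {'W', 'i', 'n', 'e'};
    char *s = subkey_name("Software", hive_name, sizeof hive_name);
    if (!s) return 1;
    printf("%s (%zu bytes allocated)\n", s,
           subkey_name_size("Software", sizeof hive_name));
    free(s);
    return 0;
}
```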