Andrew Talbot wrote:
@@ -291,8 +291,9 @@ lend:
- Get DMP Name from the registry
*/ -HRESULT WINAPI DMOGetName(REFCLSID clsidDMO, WCHAR szName[80]) +HRESULT WINAPI DMOGetName(REFCLSID clsidDMO, WCHAR szName[]) { +#define NAME_SIZE 80 /* Size of szName[] */ WCHAR szguid[64]; HRESULT hres; HKEY hrkey = 0; @@ -311,7 +312,7 @@ HRESULT WINAPI DMOGetName(REFCLSID clsidDMO, WCHAR szName[80]) if (ERROR_SUCCESS != hres) goto lend;
- count = sizeof(szName);
- count = NAME_SIZE; hres = RegQueryValueExW(hkey, NULL, NULL, NULL, (LPBYTE) szName, &count);
This is incorrect. count is the size in bytes of the buffer passed in (szName) and so should be sizeof(szName) not sizeof(szName)/sizeof(szName[0]) (i.e. 80).
I see this patch has already been committed, so a9200b24014607c4c82fb052b97de88daa804a81 should be reverted.
If you want to pick up errors like passing the wrong size into functions then I would suggest using an automatic checker that is able to use semantic information, like Microsoft's PREfast.