Hi,

On 10/15/15 06:57, YongHao Hu wrote:

• char temppath[MAX_PATH];
• TRACE("(%s %s %p %p)\n", debugstr_a(target), debugstr_a(dest), err_code, type);
• if(strlen(dest) > MAX_PATH) {

•    *err_code = ERROR_BAD_PATHNAME;
  

•    return NULL;
  

• }
• strcpy(temppath, dest);
• strcat(temppath, "\*.*");

There's still possible buffer overflow if e.g. strlen(dest)==MAX_PATH-2.

Thanks, Piotr