Gerald Pfeifer <gerald@pfeifer.com> writes:

> [ Marvin indicated testing went fine, and I did not see any feedback for two weeks. Only the description below has changed a little. ]
>
> In enum_gac_assemblies we have the following
>
>   sprintf(buf, ", Version=%s, Culture=%s, PublicKeyToken=%s", ffd.cFileName, culture, ptr);
>
> culture is declared as char[MAX_PATH], and WIN32_FIND_DATAA.cFileName is CHAR[260], so a mere size of MAX_PATH for the output buffer buf is not sufficient.
>
> (We need to double sizeof(ffd.cFileName) since ptr also points into it.)

They all point into the same path, so the total size is not going to exceed MAX_PATH (modulo the additionally printed chars). And it doesn't make sense to fix this buffer but not the other ones; you are just moving the bug.
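
The sizing question in this thread, as an added example that is not code from either message or from the project: the same format string written with snprintf, so that an undersized output buffer is reported instead of overrun. NAME_MAX_LEN, both function names, and the "version_culture_token" layout of the constructed names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 260 /* assumed stand-in for MAX_PATH / sizeof(cFileName) */

/* Bounded form of the sprintf quoted above. Returns the formatted length,
 * or -1 if out was too small (out is then truncated but NUL-terminated). */
int format_gac_suffix(char *out, size_t outsz, const char *version,
                      const char *culture, const char *token)
{
    int n = snprintf(out, outsz, ", Version=%s, Culture=%s, PublicKeyToken=%s",
                     version, culture, token);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return n;
}

/* Hypothetical helper: split a "version_culture_token" name in place, so all
 * three strings point into the one name buffer, then format them. */
int format_from_name(char *name, char *out, size_t outsz)
{
    char *culture = strchr(name, '_');
    if (!culture) return -1;
    *culture++ = '\0';
    char *token = strchr(culture, '_');
    if (!token) return -1;
    *token++ = '\0';
    return format_gac_suffix(out, outsz, name, culture, token);
}

int main(void)
{
    char name[NAME_MAX_LEN], out[NAME_MAX_LEN];

    strcpy(name, "1.0.0.0__0123456789abcdef"); /* constructed sample name */
    printf("%d %s\n", format_from_name(name, out, sizeof(out)), out);

    /* Constructed worst case: a 259-char name that still splits in three.
     * The parts total 257 chars; the literal text adds 37 more. */
    memset(name, 'a', sizeof(name) - 1);
    name[sizeof(name) - 1] = '\0';
    name[100] = '_';
    name[200] = '_';
    printf("%d\n", format_from_name(name, out, sizeof(out))); /* truncated */
    return 0;
}
```

The fixed text of the format string is 37 characters, which is the overhead an output buffer needs on top of the combined length of the three substituted strings, plus one byte for the terminator.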