Microsoft KB Archive/107387

{|
 * width="100%"|

PRB: Inadequate Buffer Length Causes Strange Problems in DDEML

 * }

Q107387

-

The information in this article applies to:


 * Microsoft Windows Software Development Kit (SDK) 3.1
 * Microsoft Win32 Application Programming Interface (API), used with:
 * Microsoft Windows NT Server versions 3.5, 3.51
 * Microsoft Windows NT Workstation versions 3.5, 3.51
 * Microsoft Windows 95

-

SYMPTOMS
Specifying an inadequate buffer length for an XTYP_POKE or an XTYP_EXECUTE command causes strange problems in DDEML.

Problems can range from a general protection (GP) fault or Exception 13, to DDEML timeout errors (such as DMLERR_EXECACKTIMEOUT or DMLERR_POKEACKTIMEOUT) or a DDEML transaction failure (or DMLERR_NOTPROCESSED). Sometimes, the application may seem to work for the most part, and then occasionally crash.

Data can be passed to the server application via XTYP_POKE or XTYP_EXECUTE in two ways:

  Directly, as a pointer to the data or command string, as in the sample code below:   char lpszString [80];

lstrcpy (lpszString, "[FileOpen(""C:\README.DOC"")]"); DdeClientTransaction (lpszString,            // string buffer                         lstrlen (lpszString)+1, // string buffer length                         hConv,                         hszItem,                         CF_TEXT,                         XTYP_POKE,                         1000,                         NULL); 

-or-

  By creating a data handle, and passing that on to the DdeClientTransaction call:   char lpszString [80]; HDDEDATA hData;

lstrcpy (lpszString, "[FileOpen(""C:\README.DOC"")]"); hData = DdeCreateDataHandle (idInst,                               lpszString,                                lstrlen (lpszString)+1,                                0,                                NULL,                                CF_TEXT,                                0); if (!hData) DdeClientTransaction (hData,    // string buffer                            -1,        // indicates hData is a data handle                            hConv,                            hszItem,                            CF_TEXT,                            XTYP_POKE,                            1000,  NULL); 

CAUSE
Because data is most commonly passed between applications in CF_TEXT format, a common problem with the string buffer length is setting it to lstrlen (lpszString), where lpszString is the buffer containing the string the client needs to pass to the server. Because the lstrlen

function does not include the terminating null character, this can cause the system to append garbage characters to the end of the string, thus sending an invalid string to the server application.

RESOLUTION
When passing strings between two applications, the string buffer length should be set to lstrlen (lpszString) +1, to include the terminating null character ('\0').

Using DDESPY, it is easy to track down this problem, because one can follow the string being passed from the client to the server application. Garbage characters incorrectly being appended to the string usually indicate a problem with specifying an inadequate string buffer length.

Additional query words: 3.10 3.50 4.00 gpf gp-fault

Keywords :

Issue type : kbprb

Technology : kbAudDeveloper kbSDKSearch kbWin32sSearch kbWin32API kbWinSDKSearch