Microsoft KB Archive/129479

= PRB: _searchenv Does Not Check the Buffer Size =

Article ID: 129479

Article Last Modified on 12/9/2003

-

APPLIES TO

 The C Run-Time (CRT), when used with:  Microsoft Visual C++ 2.1

 Microsoft Visual C++ 4.0 Standard Edition

 Microsoft Visual C++ 5.0 Standard Edition

 Microsoft Visual C++ 6.0 Service Pack 5</li></ul> </li></ul>

-

<div class="notice_section">

This article was previously published under Q129479

<div class="symptoms_section">

SYMPTOMS
If _searchenv is called with a pathname buffer (third parameter) that has a length shorter than the length of the fully qualified path name returned, the function will overwrite the buffer.

<div class="cause_section">

CAUSE
As the documentation states, "You must ensure that there is sufficient space for the constructed path." A number of CRT routines, including _searchenv, do not take a size parameter and cannot check to see if the buffer passed is big enough to hold the data. It is up to the programmer to make sure the buffer is large enough for the data.

<div class="resolution_section">

RESOLUTION
To avoid potential access violations that occur because of the overwrite, do one of the following:
 * Before calling _searchenv, check to see that the sum of the length of the filename and the length of any directory in the environment variable to be used (for example, the PATH) does not exceed _MAX_PATH. If it does, give an error message to the user.

-or-
 * Increase the length of buffer (pathname) passed to _searchenv so that it is at least as big as the sum of the length of the filename and the length of the longest directory in the environment variable to be used.

<div class="status_section">

STATUS
This behavior is by design.

Keywords: kbcrt kbprb KB129479

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.