Microsoft KB Archive/107387: Difference between revisions

From BetaArchive Wiki
Latest revision as of 09:12, 20 July 2020

PRB: Inadequate Buffer Length Causes Strange Problems in DDEML

Q107387



The information in this article applies to:


  • Microsoft Windows Software Development Kit (SDK) 3.1
  • Microsoft Win32 Application Programming Interface (API), used with:
    • Microsoft Windows NT Server versions 3.5, 3.51
    • Microsoft Windows NT Workstation versions 3.5, 3.51
    • Microsoft Windows 95





SYMPTOMS

Specifying an inadequate buffer length for an XTYP_POKE or an XTYP_EXECUTE command causes strange problems in DDEML.

Problems can range from a general protection (GP) fault or Exception 13, to DDEML timeout errors (such as DMLERR_EXECACKTIMEOUT or DMLERR_POKEACKTIMEOUT) or a DDEML transaction failure (or DMLERR_NOTPROCESSED). Sometimes, the application may seem to work for the most part, and then occasionally crash.

Data can be passed to the server application via XTYP_POKE or XTYP_EXECUTE in two ways:


  • Directly, as a pointer to the data or command string, as in the sample code below:

       char lpszString [80];

       // Quotes and the backslash must be escaped inside a C string literal
       lstrcpy (lpszString, "[FileOpen(\"C:\\README.DOC\")]");
       DdeClientTransaction ((LPBYTE) lpszString,    // string buffer
                             lstrlen (lpszString)+1, // string buffer length
                             hConv,
                             hszItem,
                             CF_TEXT,
                             XTYP_POKE,
                             1000,
                             NULL);

-or-


  • By creating a data handle, and passing that on to the DdeClientTransaction() call:

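       char lpszString [80];
       HDDEDATA hData;

       // Quotes and the backslash must be escaped inside a C string literal
       lstrcpy (lpszString, "[FileOpen(\"C:\\README.DOC\")]");
       hData = DdeCreateDataHandle (idInst,
                                    (LPBYTE) lpszString,
                                    lstrlen (lpszString)+1, // length includes '\0'
                                    0,
                                    NULL,
                                    CF_TEXT,
                                    0);
       if (hData)   // start the transaction only if the handle was created
          DdeClientTransaction ((LPBYTE) hData, // data handle
                                (DWORD) -1,     // indicates hData is a data handle
                                hConv,
                                hszItem,
                                CF_TEXT,
                                XTYP_POKE,
                                1000,
                                NULL);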



CAUSE

Because data is most commonly passed between applications in CF_TEXT format, a common problem with the string buffer length is setting it to lstrlen (lpszString), where lpszString is the buffer containing the string the client needs to pass to the server. Because the length returned by lstrlen() does not include the terminating null character, this can cause the system to append garbage characters to the end of the string, thus sending an invalid string to the server application.



RESOLUTION

When passing strings between two applications, the string buffer length should be set to lstrlen (lpszString) +1, to include the terminating null character ('\0').

Using DDESPY, it is easy to track down this problem, because one can follow the string being passed from the client to the server application. Garbage characters incorrectly being appended to the string usually indicate a problem with specifying an inadequate string buffer length.
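The effect described under CAUSE and RESOLUTION can be reproduced without DDEML. The following is an added example, not code from the original article: a portable C simulation in which `block`, `send_text`, `naive_receive` and `checked_receive` are hypothetical names, and `block` is a constructed stand-in for a reused transfer buffer that still holds stale bytes. It also shows a receiver-side check that rejects text with no terminator inside the stated length.

```c
#include <stdio.h>
#include <string.h>

#define BLOCK_SIZE 64

/* Constructed stand-in for the memory that carries the data to the server.
   It is reused, so it still holds bytes from an earlier message. */
static char block[BLOCK_SIZE];

/* Client side: copy exactly cb bytes of src into the transfer block. */
static size_t send_text(const char *src, size_t cb)
{
    memset(block, '#', BLOCK_SIZE - 1);    /* stale content, made visible */
    block[BLOCK_SIZE - 1] = '\0';          /* keeps the naive read in bounds */
    if (cb > BLOCK_SIZE - 1) cb = BLOCK_SIZE - 1;
    memcpy(block, src, cb);
    return cb;
}

/* Naive server: assumes the payload is a null-terminated string. */
static size_t naive_receive(char *out, size_t outsz)
{
    snprintf(out, outsz, "%s", block);
    return strlen(out);
}

/* Checked server: accepts only if a '\0' lies within the cb bytes sent. */
static int checked_receive(size_t cb, char *out, size_t outsz)
{
    const char *nul = memchr(block, '\0', cb);
    if (nul == NULL || (size_t)(nul - block) >= outsz)
        return -1;                         /* unterminated or too long */
    memcpy(out, block, (size_t)(nul - block) + 1);
    return 0;
}

int main(void)
{
    const char *cmd = "[FileOpen(\"C:\\README.DOC\")]";
    char got[BLOCK_SIZE];
    size_t cb = send_text(cmd, strlen(cmd));      /* bug: terminator not sent */
    naive_receive(got, sizeof got);
    printf("strlen   naive  : \"%s\"\n", got);
    printf("strlen   checked: %d\n", checked_receive(cb, got, sizeof got));
    cb = send_text(cmd, strlen(cmd) + 1);         /* fix from RESOLUTION */
    printf("strlen+1 checked: %d\n", checked_receive(cb, got, sizeof got));
    printf("strlen+1 text   : \"%s\"\n", got);
    return 0;
}
```

With the short length, the naive receiver returns the command followed by the stale `#` bytes, which is the kind of trailing garbage DDESPY would show, while the checked receiver refuses the payload.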

Additional query words: 3.10 3.50 4.00 gpf gp-fault

Keywords :
Issue type : kbprb
Technology : kbAudDeveloper kbSDKSearch kbWin32sSearch kbWin32API kbWinSDKSearch


Last Reviewed: December 16, 2000
© 2001 Microsoft Corporation. All rights reserved. Terms of Use.