If I remember correctly you can make shutdowns delayed of many days on Windows (using the InitiateSystemShutdown(Ex) function), in which case the 2-digit hour won't work at all.
Best, Hermès
-----Message d'origine----- De : Ros-dev [mailto:ros-dev-bounces@reactos.org] De la part de Thomas Faber Envoyé : lundi 2 avril 2018 14:13 À : Eric Kohl Cc : ros-dev@reactos.org Objet : Re: [ros-dev] [ros-diffs] 01/01: [WINLOGON] Clean up part 2 - Replace the UNICODE_STRING usMessage by a PWSTR pszMessage. - Use the "%02d:%02d:%02d" time format and get rid of the safe string printf because the string will NEVER be longer than 8 character
Hey Eric,
On 2018-04-02 12:58, Eric Kohl wrote:
- RtlStringCbPrintfW(strbuf, sizeof(strbuf), L"%d:%d:%d", hours, minutes,
seconds);
- swprintf(szBuffer, L"%02d:%02d:%02d", iHours, iMinutes,
- iSeconds);
Unfortunately I must disagree with this change.
Buffer overflows are a big enough threat that code review and static analysis are not generally considered sufficient to protect against them. So it's best practice for new code to always verify sizes at run-time, and never to use s(w)print.
Best regards, Thomas
PS: from what I see, iHours can be as large as 1193046, which won't fit in 2 digits
Ros-dev mailing list Ros-dev@reactos.org http://www.reactos.org/mailman/listinfo/ros-dev