473,224 Members | 1,487 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,224 software developers and data experts.

BUG: CFrameWnd::OnDDEExecute MFC 7.1

This function is executed when a application file is
double-clicked to open in a VC++ application.
Specifically, this function is enabled by
RegisterShellFileTypes () in the application's
InitInstance.
However, under MFC 7.1 for VC++ .NET 2003,
CFrameWnd::OnDDEExecute has a bug that repeatedly
generates this error message in the debugger

Error: failed to execute DDE command ''.

Therefore, the problem is that the command is not being
propagated properly to this function, since the string
should be something like
'[open("C:\YourFileNameHere")]'
rather than the empty string
''

Examining the code for this function in more detail, we
can see the bug here:

LPCTSTR lpsz = (LPCTSTR)GlobalLock(hData);
int commandLength = lstrlen(lpsz);
if (commandLength >= _countof(szCommand))
{
// The command would be truncated. This
could be a security problem
TRACE0("Warning: Command was ignored
because it was too long.\n");
return 0;
}
GlobalUnlock(hData);

The data string '[open("C:\YourFileNameHere")]' is stored
in the LPCTSTR lpsz. Then a check is done to make sure
that the length of this string is not longer than the new
buffer szCommand. However, the string is never copied in
szCommand, and the data is effectively released by
GlobalUnlock! Then when this command is executed

if (!AfxGetApp()->OnDDECommand(szCommand))

szCommand is empty, and the error is generated.

Hopefully, Microsoft will address this bug and issue a
patch. Please respond to this posting to indicate if this
problem is being addressed.

Thank you,
Marc Gustafson
Nov 16 '05 #1
5 4094
Marc Gustafson wrote:
This function is executed when a application file is
double-clicked to open in a VC++ application.
Specifically, this function is enabled by
RegisterShellFileTypes () in the application's
InitInstance.
However, under MFC 7.1 for VC++ .NET 2003,
CFrameWnd::OnDDEExecute has a bug that repeatedly
generates this error message in the debugger

Error: failed to execute DDE command ''.

Therefore, the problem is that the command is not being
propagated properly to this function, since the string
should be something like
'[open("C:\YourFileNameHere")]'
rather than the empty string
''

Examining the code for this function in more detail, we
can see the bug here:

LPCTSTR lpsz = (LPCTSTR)GlobalLock(hData);
int commandLength = lstrlen(lpsz);
if (commandLength >= _countof(szCommand))
{
// The command would be truncated. This
could be a security problem
TRACE0("Warning: Command was ignored
because it was too long.\n");
return 0;
}
GlobalUnlock(hData);

The data string '[open("C:\YourFileNameHere")]' is stored
in the LPCTSTR lpsz. Then a check is done to make sure
that the length of this string is not longer than the new
buffer szCommand. However, the string is never copied in
szCommand, and the data is effectively released by
GlobalUnlock! Then when this command is executed

if (!AfxGetApp()->OnDDECommand(szCommand))

szCommand is empty, and the error is generated.

Hopefully, Microsoft will address this bug and issue a
patch. Please respond to this posting to indicate if this
problem is being addressed.


Known problem. The solution I've seen recommended is to handle
WM_DDE_EXECUTE in your main frame window, copy the code from the MFC source,
and adding the missing line.

--
Doug Harrison
Microsoft MVP - Visual C++
Nov 16 '05 #2
Hi Marc,

Thank you very much for your post and feedback on the product.

Doug is right. This is a know issue. To workaround it, we could handle
WM_DDE_EXECUTE and add:

* Problem: CFrameWnd::OnDDEExecute in VC7/8 omitted the following 2 lines:
LPCTSTR lpsz = (LPCTSTR)GlobalLock(hData);
lstrcpyn(szCommand, lpsz, _countof(szCommand));
* Solution: add the missing lines (or better, use strings).

The issue will be fixed in VS.NET 2003 SP1.

If you have follow up questions, please post here.

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! C www.microsoft.com/security
This posting is provided as is with no warranties and confers no rights.
Nov 16 '05 #3
Handled WM_DDE_EXECUTE in my MainFrame class and
implemented this work-around solution.
It's good to know that it will be fixed in SP1.

Thanks,
Marc
Nov 16 '05 #4
Hi Marc,

Thanks a lot for your feedback! :-)

Have a nice day!

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! C www.microsoft.com/security
This posting is provided as is with no warranties and confers no rights.
Nov 16 '05 #5
Hello,
I did, but got the 10 errors as follows:
c:\...\Sources 0.9.57\MainFrm.cpp(5196) : error C2065: 'WM_DDE_EXECUTE' : undeclared identifier
c:\...\Sources 0.9.57\MainFrm.cpp(5196) : error C3861: 'UnpackDDElParam': identifier not found, even with argument-dependent lookup
c:\...\Sources 0.9.57\MainFrm.cpp(5202) : error C3861: '_countof': identifier not found, even with argument-dependent lookup
c:\...\Sources 0.9.57\MainFrm.cpp(5211) : error C2065: 'WM_DDE_ACK' : undeclared identifier... and the like.
What I did is: Copied the function LRESULT CFrameWnd::OnDDEExecute(WPARAM wParam, LPARAM lParam) from winfrm.cpp and pasted at the end of my mainframe.cpp file and added 2 more lines to fix the bug.
Do we need something else such as include any header?
Thanks & Regards,
--
sabapathy [email address removed]
Yamaha Corporation<http://global.yamaha.com>
Japan
Mar 14 '06 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

7
by: delerious | last post by:
I just found a bug that's related to positioning in IE 5.5 (could someone please tell me if this bug exists in IE 6, and if so, if my solution works in that browser?). I don't know if this bug has...
5
by: K. Shier | last post by:
when attempting to edit code in a class file, i see the bug "Visual Basic ..NET compiler is unable to recover from the following error: System Error &Hc0000005&(Visual Basic internal compiler...
102
by: Xah Lee | last post by:
i had the pleasure to read the PHP's manual today. http://www.php.net/manual/en/ although Pretty Home Page is another criminal hack of the unix lineage, but if we are here to judge the quality...
16
by: Edward Diener | last post by:
After spending more than a day reducing a complicated compiler bug to a simple case I reported it to the MSDN Product Feedback Center as a bug just now. However this bug is completely stymying my...
26
by: Patient Guy | last post by:
The code below shows the familiar way of restricting a function to be a method of a constructed object: function aConstructor(arg) { if (typeof(arg) == "undefined") return (null);...
158
by: Giovanni Bajo | last post by:
Hello, I just read this mail by Brett Cannon: http://mail.python.org/pipermail/python-dev/2006-October/069139.html where the "PSF infrastracture committee", after weeks of evaluation, recommends...
8
by: gw7rib | last post by:
I've been bitten twice now by the same bug, and so I thought I would draw it to people's attention to try to save others the problems I've had. The bug arises when you copy code from a destructor...
0
by: Kurt B. Kaiser | last post by:
Patch / Bug Summary ___________________ Patches : 385 open (+21) / 3790 closed (+21) / 4175 total (+42) Bugs : 1029 open (+43) / 6744 closed (+43) / 7773 total (+86) RFE : 262 open...
0
by: LiveTecs | last post by:
http://www.livetecs.com TimeLive Web Collaboration Suite is an integrated suite that allows you to manage project life cycle including tasks, issues, bugs, timesheet, expense, attendance. ...
12
by: Juan T. Llibre | last post by:
re: !I found an MSDN document that explains why what I'm trying to do should work Lee, From : http://www.w3.org/TR/REC-xml/ "A special attribute named xml:lang may be inserted in...
1
isladogs
by: isladogs | last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, Mike...
0
by: veera ravala | last post by:
ServiceNow is a powerful cloud-based platform that offers a wide range of services to help organizations manage their workflows, operations, and IT services more efficiently. At its core, ServiceNow...
0
by: VivesProcSPL | last post by:
Obviously, one of the original purposes of SQL is to make data query processing easy. The language uses many English-like terms and syntax in an effort to make it easy to learn, particularly for...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
2
by: jimatqsi | last post by:
The boss wants the word "CONFIDENTIAL" overlaying certain reports. He wants it large, slanted across the page, on every page, very light gray, outlined letters, not block letters. I thought Word Art...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: fareedcanada | last post by:
Hello I am trying to split number on their count. suppose i have 121314151617 (12cnt) then number should be split like 12,13,14,15,16,17 and if 11314151617 (11cnt) then should be split like...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.