Security character functions and FD puzzles

First, describe the problem:

Program: Transparentgif

Situation: The program interface can be displayed normally. However, when the file dialog box is opened and the file is selected, the system will die:

 
Lresult callback callcuteframeonframeproc (cuteframe * PCF, hwnd & hwnd, uint & umsg, wparam & wparam, lparam & lparam) {return PCF-> onframeproc (hwnd, umsg, wparam, lparam );}
 

 

Then we found that all PCF content is changed to fdfdfdfd.

It was obviously overwritten and began to check the problem. It was very confusing at the beginning. This object is a static object and has not been deregistered in advance. later, in the release mode, the problem will not appear (but it will not be none). It should be caused by the debug memory mechanism.

Lock the PCF content, and set the breakpoint when the content is changed (method: Debug -- New breakpoint -- Data breakpoint, set the lock address). In the open file dialog box, press OK, PCF is immediately overwritten with FD. Check which function is modified: the source is found in memset (memset. ASM), the calling of the master function is _ func_name (tcscpy_s.inl), continue tracing, found to be a: wcscpy_s safe copy wide character function, why does this function overwrite my PCF object?

Later I found that one of my statements was as follows:

: Wcscpy_s (_ wccurgifpath, sizeof (_ wccurgifpath), ofn. lpstrfile );
 

 
Ofn is the ofn of the file dialog box. Obviously, the second parameter is doubled. The correct one is: sizeof ()/2.
 

 
Then, in the memory of the overwritten PCF, check up and find the _ wccurgifpath quietly lying there!
 

 
At this point, the problem was solved. Although it was a very small problem, I was confused for a day.
 

 
Write security functions carefully!