Corruption of temporary BAT files for Custom Build Steps (VC++)

Issue:       Corruption of temporary BAT files for Custom Build Steps
Type:        Buffer overflow, when using variable expansion (/macros)
Affected:    VS 2003 only(?)
Reproduce:   Use attached project
Requirement: Project is unzipped in Root of the given drive, such that
the project resides in for example
D:\CustomBuildstepCorrupted
(Other directories may be used, but then changes are
necessary to reproduce the problem)

---------------------------------------------------------------------
Details:
If you create a Custom Build Step which contains a certain number of
characters, _and_ you use variable expansion (or so-called macros) in
the step, it might fail.

It seem that if the buffer is between 2085-#chars_expanded and 2102
bytes, there is a buffer overflow. This truncates all, but the first
character on the first line, and the last line. So,

echo This is the 1st line
echo This is the 2nd line
echo This is the 3rd line
echo This is the 4th line
$(SolutionDir)bin\generate.bat

(please ignore the > 2085-#chars_expanded and < 2102 requirement, and
imagine that SolutionDir is set to "C:\CustomBuildstepCorrupted\") then
turns into

 eC:\CustomBuildstepCorrupted\bin\generat
e.bat

which, of course, fails brilliantly every time.
So, it seems that variable expansion wasn't taken into consideration
when calculating the buffer size needed to store the output of the
temporary BAT file used the running Custom Build Steps.


Now, since this problem is only triggered in a very narrow region of
buffer size, (it depends on how much is expanded) it can easily be
circumvented by "padding" the Custom Build Step to pass the upper limit
of 2102 characters.

I assume passing the 2102 boundary only triggers the usage of a larger
buffer, which when close to its boundary, also has the same problem.

Can anyone confirm this bug, and does anyone know of other boundaries
(say for the next size limit)?

Also, I've tested the attached project with both VS2002 & VS2005beta.
While none of them actually failed on this particular project, I'm
still not sure that the same problem doesn't exist there. They might
simply be at other buffer sizes. Can anyone confirm the existence/non-
existence of this bug in 2002 & 2005?

Is there planned any SP for VS2003? If so, when, and would a fix for
this issue be feasible in that SP?

Sincerely,
Marius Storm-Olsen

Hi Marius,

I have post a reply to this issue in the group
microsoft.public.vc.ide_general, please check it there.


Thanks for your understanding!

Best regards,

Gary Chang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------