PRB: Inadequate Buffer Length Causes Strange Problems in DDEML (107387)


The information in this article applies to:

  • Microsoft Windows Software Development Kit (SDK) 3.1
  • Microsoft Win32 Application Programming Interface (API), when used with:
    • Microsoft Windows NT Server 3.5
    • Microsoft Windows NT Server 3.51
    • Microsoft Windows NT Workstation 3.5
    • Microsoft Windows NT Workstation 3.51
    • Microsoft Windows 95
This article was previously published under Q107387

SYMPTOMS

Specifying an inadequate buffer length for an XTYP_POKE or an XTYP_EXECUTE command causes strange problems in DDEML.

Problems can range from a general protection (GP) fault or Exception 13, to DDEML timeout errors (such as DMLERR_EXECACKTIMEOUT or DMLERR_POKEACKTIMEOUT) or a DDEML transaction failure (or DMLERR_NOTPROCESSED). Sometimes, the application may seem to work for the most part, and then occasionally crash.

Data can be passed to the server application via XTYP_POKE or XTYP_EXECUTE in two ways:

  • Directly, as a pointer to the data or command string, as in the sample code below: 
       char lpszString [80];

   lstrcpy (lpszString, "[FileOpen(""C:\README.DOC"")]");
   DdeClientTransaction (lpszString,             // string buffer
                         lstrlen (lpszString)+1, // string buffer length
                         hConv,
                         hszItem,
                         CF_TEXT,
                         XTYP_POKE,
                         1000,
                         NULL);
-or-

  • By creating a data handle, and passing that on to the DdeClientTransaction() call: 
       char lpszString [80];
   HDDEDATA hData;

   lstrcpy (lpszString, "[FileOpen(""C:\README.DOC"")]");
   hData = DdeCreateDataHandle (idInst,
                                lpszString,
                                lstrlen (lpszString)+1,
                                0,
                                NULL,
                                CF_TEXT,
                                0);
   if (!hData)
      DdeClientTransaction (hData,     // string buffer
                            -1,        // indicates hData is a data handle
                            hConv,
                            hszItem,
                            CF_TEXT,
                            XTYP_POKE,
                            1000,
    NULL);

CAUSE

Because data is most commonly passed between applications in CF_TEXT format, a common problem with the string buffer length is setting it to lstrlen (lpszString), where lpszString is the buffer containing the string the client needs to pass to the server. Because the lstrlen() 
function does not include the terminating null character, this can
cause the system to append garbage characters to the end of the string, thus sending an invalid string to the server application.

RESOLUTION

When passing strings between two applications, the string buffer length should be set to lstrlen (lpszString) +1, to include the terminating null character ('\0').

Using DDESPY, it is easy to track down this problem, because one can follow the string being passed from the client to the server application. Garbage characters incorrectly being appended to the string usually indicate a problem with specifying an inadequate string buffer length.
Modification Type:MinorLast Reviewed:3/7/2005
Keywords:kbprb KB107387
©2004 Microsoft Corporation. All rights reserved.