ID Number: Q79975
3.00
WINDOWS
Summary:
In a dialog box, when the GetDlgItemText() function is used to copy
text from the list box portion of a combo box, the nMaxCount parameter
to the GetDlgItemText() function is ignored. Memory will be
overwritten if the size of the buffer, which is specified by
nMaxCount, is smaller than the length of the currently selected item
in the list box.
More Information:
In version 3.0 of the "Microsoft Windows Software Development Kit
Reference Volume 1," the documentation for GetDlgItemText() states
that this function retrieves the caption or text associated with a
control in a dialog box. The GetDlgItemText() function copies the text
to the buffer specified by the lpString parameter and returns the
number of characters it copies. The string to be copied is truncated
if the value specified for nMaxCount is less than the actual string
length. GetDlgItemText() sends a WM_GETTEXT message to the child
window control.
The documentation for WM_GETTEXT states that in list boxes, the text
retrieved is the currently selected item, and wParam specifies the
maximum number of bytes to be copied including a null character to
terminate the string.
However, the WM_GETTEXT message generated by GetDlgItemText() is
translated by the combo box window procedure (which is internal to
Windows) to LB_GETTEXT where wParam is set to the index of the item
currently selected in the list box.
The documentation for LB_GETTEXT states that the buffer must be large
enough to receive the currently selected string and a null character
to terminate the string. Therefore, because nMaxCount is ignored, if
the buffer provided in GetDlgItemText() is smaller than the currently
selected string, the copy will overwrite memory, which might cause a
variety of difficulties.
If the combo box (or a list box) is the child of the application's
main window, instead of the child of a dialog box, then the
application can use GetWindowText() to retrieve strings from the combo
box. GetWindowText() makes an internal call, which respects the value
of nMaxCount and will truncate the string accordingly, instead of
placing LB_GETTEXT into the message queue.
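The following is an added example, not code from the original article or from Microsoft. It is a portable C model of the unbounded LB_GETTEXT copy described above, with a bounded retrieval that sizes a scratch buffer from the reported item length and performs the truncation itself. The item list, model_gettextlen(), model_gettext() and bounded_get_selected_text() are hypothetical stand-ins; the assumption is that the control reports the item length accurately, as the LB_GETTEXTLEN message does.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the combo box's list (hypothetical, not Windows code). */
static const char *g_items[] = { "COM1", "A considerably longer selected entry" };
static int g_cursel = 1;

/* Models LB_GETTEXTLEN: item length, excluding the terminating null. */
static int model_gettextlen(int index) { return (int)strlen(g_items[index]); }

/* Models LB_GETTEXT as the article describes it: the whole string and its
   terminator are copied, and no buffer size is consulted. */
static int model_gettext(int index, char *dst)
{
    strcpy(dst, g_items[index]);
    return (int)strlen(dst);
}

/* Bounded retrieval: fetch into a scratch buffer sized from the reported
   length, then truncate into the caller's buffer here, so nMaxCount is
   honoured whatever the control does. Returns the number of characters
   copied (excluding the null), or -1 on a bad argument or allocation failure. */
int bounded_get_selected_text(char *out, int nMaxCount)
{
    int len, n;
    char *tmp;

    if (out == NULL || nMaxCount <= 0) return -1;
    out[0] = '\0';
    if (g_cursel < 0) return 0;                  /* nothing selected */
    len = model_gettextlen(g_cursel);
    tmp = (char *)malloc((size_t)len + 1);       /* text plus null */
    if (tmp == NULL) return -1;
    model_gettext(g_cursel, tmp);                /* cannot overrun tmp */
    n = (len < nMaxCount - 1) ? len : nMaxCount - 1;
    memcpy(out, tmp, (size_t)n);
    out[n] = '\0';
    free(tmp);
    return n;
}

int main(void)
{
    char buf[8];                                 /* shorter than the selection */
    int n = bounded_get_selected_text(buf, (int)sizeof buf);
    printf("%d \"%s\"\n", n, buf);
    return 0;
}
```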