Dangerous printf
It took quite some time until I found this bug. Here’s a simplified version of what caused it:
    char dir[2048];
    GetCurrentDirectory(2048, dir);
    printf(CString("Current dir is:") + dir);
That doesn’t look bad, does it? And (like in the great programmer quotes), it works on my computer. But it doesn’t work if the customer’s current folder is something like “%&§something”, because it contains %s: the folder name becomes part of the format string, so printf looks for an argument that was never passed.
So don’t throw any external data at the first (format) parameter of printf, sprintf, etc.; instead put it into the following parameters.
    printf("Current dir is: %s", dir);
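
The rule above as an added example in portable C (not code from the original post): `format_dir` keeps the format constant, `count_conversions` shows what printf would find in the raw name, and `escape_percent` covers APIs that accept only a format string. The helper names and the sample path are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example: helper names and the sample path are illustrative. */
/* Count '%' that printf would treat as the start of a conversion
   ("%%" is a literal percent sign and is skipped). */
size_t count_conversions(const char *s)
{
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') s++;   /* "%%": literal, skip the pair */
        else n++;               /* printf would parse a conversion here */
    }
    return n;
}

/* Safe: the format is a constant, dir is only ever data. */
int format_dir(char *out, size_t outlen, const char *dir)
{
    return snprintf(out, outlen, "Current dir is: %s", dir);
}

/* For APIs that accept only a format string: double every '%' so the
   text prints literally. Returns length, or -1 if out is too small. */
int escape_percent(char *out, size_t outlen, const char *in)
{
    size_t o = 0;
    if (outlen == 0) return -1;
    for (; *in; in++) {
        size_t need = (*in == '%') ? 2 : 1;
        if (o + need >= outlen) return -1;   /* keep room for the NUL */
        if (*in == '%') out[o++] = '%';
        out[o++] = *in;
    }
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    const char *dir = "C:\\data\\100%sure";   /* constructed sample path */
    char msg[256], esc[256];
    format_dir(msg, sizeof msg, dir);
    escape_percent(esc, sizeof esc, dir);
    printf("%s\nraw conversions: %zu\nescaped: %s\n",
           msg, count_conversions(dir), esc);
    return 0;
}
```

Building with `-Wformat -Wformat-security` (GCC and Clang) flags printf calls whose format argument is not a string literal, which catches this class of bug at compile time.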