Re: [ntdev] System device enumeration and DevicePath

MISRA and similar rules are about ensuring that code is provably correct. This is important when engineers are personally liable for the failure of life critical or safety critical systems. Avoiding dynamic allocations avoids non-deterministic effects and significantly reduces the complexity of formal proof of code correctness.fgtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbnqweASMH’

All of this stuff is not very relevant for Windows or any other virtual memory system, as failures can happen at any point for reasons entirely beyond your control.

Sent from Surface Pro

From: Maxim S. Shatskih
Sent: Tuesday, March 31, 2015 12:20 AM
To: Windows System Software Devs Interest List

Just one minor correction – if char DeviceName is inside of a block
then it is an automatic variable (stack allocated)

Oh yes, let’s overflow the stack :-)

Stack-allocated variables are evil, at least in most OS kernels where you have very limited stack space. I doubt that the embedded world has a less strict stack size limit than the Windows kernel.

The world is exactly vice versa to what MISRA suggests :-)

hr = pDevEnum->CreateClassEnumerator(CLSID_VideoInputDeviceCategory, &pEnum, 0);

Don’t you understand that this line of code will do probably like 100 alloc/free calls in it?

In my opinion there is no point in allowing video capture (or any other
device) drivers to waste up to 64KB of memory per device attached.

Correct. That’s why dynamic allocations are here.

It is absolutely amazing (I would say it is the monthly greatest thread on this forum) to avoid dynamic allocations working with DirectShow on Windows, which are surely written to a paradigm perpendicular to what MISRA suggests?

symbolic links for devices with 32,767 Unicode characters is some sort
of “future proof” design?

Modern (i.e. 1990-up) OSes just avoid any such limits. The limit is “up to memory permits” or “up to datatype size permits” (as for strings).

The MAX_PATH limit in Windows is an MS-DOS legacy from the 1980s, and native Windows layers are free from it.

Also suggestion to “just use CString” is bad because BSTR returned by
reading the property bag can contain embedded null characters

DirectShow device name (which is in turn PnP devinterface name) contains embedded NULLs?

could theoretically truncate the string and break your code.

At least the code will not crash miserably, as what MISRA-compliant code will do :-)

The code will just fail on device open.


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com


NTDEV is sponsored by OSR

Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
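
The embedded-NUL point debated in the message above, as an added example that is not code from the thread: a length-counted string looks shorter to any NUL-terminated consumer. `counted_str` is a constructed stand-in (not the Windows SDK BSTR type) and the helper names are hypothetical; the copy sizes its buffer from the stored length and refuses a string with an embedded NUL rather than truncating it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a BSTR (not the Windows SDK type): a stored byte
   length followed by UTF-16 code units, which may include 0x0000. */
typedef struct {
    uint32_t byte_len;   /* length in bytes, terminator not counted */
    uint16_t chars[64];
} counted_str;

/* Build a constructed sample from n bytes, embedded zeros included. */
counted_str make_sample(const char *bytes, size_t n) {
    counted_str s = {0};
    if (n > 63) n = 63;
    for (size_t i = 0; i < n; i++) s.chars[i] = (uint8_t)bytes[i];
    s.byte_len = (uint32_t)(n * sizeof(uint16_t));
    return s;
}

/* Length as a NUL-terminated consumer (wcslen-style) would see it. */
size_t terminated_len(const counted_str *s) {
    size_t n = 0, max = s->byte_len / sizeof(uint16_t);
    while (n < max && s->chars[n] != 0) n++;
    return n;
}

/* Heap copy sized from the stored length, so no fixed MAX_PATH-style array.
   Returns NULL on an embedded NUL (caller fails the open) or on malloc failure. */
uint16_t *dup_device_path(const counted_str *s, size_t *out_len) {
    size_t n = s->byte_len / sizeof(uint16_t);
    if (terminated_len(s) != n) return NULL;
    uint16_t *p = malloc((n + 1) * sizeof(uint16_t));
    if (p == NULL) return NULL;
    memcpy(p, s->chars, n * sizeof(uint16_t));
    p[n] = 0;
    *out_len = n;
    return p;
}

int main(void) {
    size_t len = 0;
    counted_str bad = make_sample("usb\0cam0", 8);   /* constructed input */
    uint16_t *p = dup_device_path(&bad, &len);
    printf("stored=%u seen=%zu accepted=%d\n",
           (unsigned)(bad.byte_len / 2), terminated_len(&bad), p != NULL);
    free(p);
    return 0;
}
```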

This string was the result of my two year old son’s influence - he seems to be attempting to master the keyboard with his foot

Sent from Surface Pro

From: Maxim S. Shatskih
Sent: Tuesday, March 31, 2015 1:08 PM
To: Windows System Software Devs Interest List

MISRA and similar rules are about ensuring that code is provably correct. This is important when
engineers are personally liable for the failure of life critical or safety critical systems.

…which is surely not anything related to Windows or Linux, and to DirectShow, OA and BSTRs especially.

correctness.fgtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbtbnqweASMH’

Is this the string to trigger a buffer overrun? :-)


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com

