CreateProcess() calls should quote the executable they are trying to start.

Hi.

   A slight quirk I ran into by accident while looking for a similar
problem in a different software product - TortoiseSVN's CreateProcess()
Windows API calls should quote their executable path, at least in cases
when it contains spaces.

   This avoids problems with unexpected executables getting triggered.

   To see one such potential problem do the following:
     * Have your TortoiseProc.exe located in "C:\Program
Files\TortoiseSVN\bin".
     * Create a simple hello world program and store it as:
"C:\Program.exe".
     * Open TortoiseSVN's AboutBox dialog.
     * Click on the 'Check For Updates..." button.

   And you will now see the hello hello world program flash by instead
of the expected update check. :-)

   The problem originates with CreateProcess() trying to be overly smart
and trying to guess whether perhaps you gave it an unquoted executable
path/name containing spaces if it can not find it directly, effectively
covering this problem up and allowing someone to modify TortoiseSVN's
behaviour just by adding a new file in the system.

   For this exact use case the command-line seems to be constructed in
src\TortoiseProc\AboutDlg.cpp by simply using an unquoted
GetModuleFileName() result.

   Hope this helps.

   Best regards,
     Jurko Gospodnetić

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=757&dsMessageId=2972767

To unsubscribe from this discussion, e-mail: [dev-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2012-06-23 14:18:54 CEST