by ploxiln 1665 days ago
Yeah, this function has a few surprising bits of sloppiness ... but:

> NOTE(Kalinovcic): I have translated the original implementation to C

Another point, this is a build-time tool: some assumptions of good-faith input are reasonable and necessary. If an attacker can modify paths to Visual Studio components in your registry, you have bigger problems (just running the attacker's code directly regardless of safe string handling).