{"id":22463,"date":"2008-05-05T10:00:00","date_gmt":"2008-05-05T10:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/2008\/05\/05\/if-you-pass-invalid-parameters-then-all-bets-are-off\/"},"modified":"2008-05-05T10:00:00","modified_gmt":"2008-05-05T10:00:00","slug":"if-you-pass-invalid-parameters-then-all-bets-are-off","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20080505-00\/?p=22463","title":{"rendered":"If you pass invalid parameters, then all bets are off"},"content":{"rendered":"<p>\nAlun Williams pointed out that\n<a HREF=\"http:\/\/blogs.msdn.com\/oldnewthing\/pages\/407234.aspx#512585\">\nif you pass invalid parameters to <code>DeferWindowPos<\/code>,\nit does not destroy the <code>HDWP<\/code><\/a>.\nWell, yeah, because if you pass invalid parameters,\nthen\n<a HREF=\"http:\/\/blogs.msdn.com\/oldnewthing\/archive\/2006\/03\/20\/555511.aspx\">\nall bets are off<\/a>.\n<\/p>\n<p>\nDifferent functions perform different degrees of parameter\nvalidation; the degree to which this is done is typically\nguided by security concerns.\nInformation that crosses security boundaries must be fully-validated,\nwhereas a call to an in-process function has very little in\nthe way of security obligations\nwith respect to invalid parameters, since a bad caller could\njust mess with the in-process function directly;\nno need to try to &#8220;trick&#8221; it with invalid parameters.\n<\/p>\n<p>\nIn practice, most functions that perform parameter validation go\nsomething like this:\n<\/p>\n<pre>\nSomeFunction(...)\n{\n if (any parameter is invalid) {\n   signal invalid parameter error in an appropriate manner\n } else {\n   actually do something\n }\n}\n<\/pre>\n<p>\n(In some cases, the validation code is not even written by a human being.\nInstead, there&#8217;s a script that parses the header files and\nautogenerates the validation code.)\n<\/p>\n<p>\nIf there is an invalid parameter,\nthe entire operation is 
typically abandoned.\nBecause, after all, how can you expect a function even to get\noff the ground when it doesn&#8217;t have all its parameters?\nI mean, how can <code>DeferWindowPos<\/code> destroy the\n<code>HDWP<\/code> when it fails to validate its parameters,\nif the invalid parameter might be the <code>HDWP<\/code>?\n<\/p>\n<p>\nRegardless of the degree to which parameter validation occurs,\nif you pass invalid parameters,\nthen (generally speaking) there are no guarantees.\nPassing valid parameters is part of the\n<a HREF=\"http:\/\/blogs.msdn.com\/oldnewthing\/archive\/2006\/03\/20\/555511.aspx\">\nbasic ground rules for programming<\/a>.\nIf you break your end of the deal,\nthen the function is under no obligation to hold up its end.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Alun Williams pointed out that if you pass invalid parameters to DeferWindowPos, it does not destroy the HDWP. Well, yeah, because if you pass invalid parameters, then all bets are off. Different functions perform different degrees of parameter validation; the degree to which this is done is typically guided by security concerns. Information that crosses [&hellip;]<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[25],"class_list":["post-22463","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-code"],"acf":[],"blog_post_summary":"<p>Alun Williams pointed out that if you pass invalid parameters to DeferWindowPos, it does not destroy the HDWP. Well, yeah, because if you pass invalid parameters, then all bets are off. Different functions perform different degrees of parameter validation; the degree to which this is done is typically guided by security concerns. 
Information that crosses [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/22463","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=22463"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/22463\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=22463"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=22463"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=22463"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}