Hacker News new | past | comments | ask | show | jobs | submit login

I never understood what backward compatibility was met by windows api not supporting >260 chars file paths. It will work just in the same was if you pass any short path and no old application expects a long path anyway.



Decades of binaries are in use doing something like

``` wchar_t filename[MAX_PATH]; CreateFileW(...) ```

in both first part and third party Windows code, often in deep callstacks passing file names around. Changing the length requires fixing them all.

See comments in https://archives.miloush.net/michkap/archive/2006/12/13/1275...


Your example isn't problematic API-wise, because CreateFileW doesn't need to care if you pass in 16 characters or 1600 - if it does, that is mostly a matter of refactoring and not inherent to how the function works. The real problem are APIs that inherently assume that you pass in a string of at most MAX_PATH characters, because you provide a pointer but no size, and the API is expected to write to that pointer. This affects most shell32 getter functions, e.g. SHGetKnownFolderPath.

But for functions outside of Windows itself, this is the exact reason why the long path feature is hidden behind an opt-in flag.


MAX_PATH is a #define. So its value is baked in to old binaries.

In RAM-constrained world of the past, you would stack-allocate `char buff[MAX_PATH]` and do all your strcpy/strspn in there with no problems.

Now, if that app receives a long path into a too short buffer, it will instantly stack overflow and may cause exploitable problems.


They have API calls that fill user-supplied buffers that have room for MAX_PATH characters.

See for example https://learn.microsoft.com/en-us/windows/win32/api/fileapi/..., which also shows how they gradually made the input argument more flexible:

- “By default, the name is limited to MAX_PATH characters. To extend this limit to 32,767 wide characters, prepend "\\?\" to the path”

- “Starting with Windows 10, Version 1607, you can opt-in to remove the MAX_PATH limitation without prepending "\\?\"”

I also guess there’s lots of code that sees those paths (anti-virus software, device drivers)




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: