CXX.FUNC.T2OLE.LOOP
Do not call T2OLE or OLE2CT within a loop.
The T2OLE and OLE2CT macros make use of the alloca method, which when used in a loop can overflow the stack.
Vulnerability and risk
T2OLE and OLE2CT require stack memory allocation (specifically the alloca method in A2W). Using these macros in a loop (especially depending on the length of the string) could increase the probability of a stack overflow.
Mitigation and prevention
By placing the macro in a separate fuction and calling the function in the loop instead of the macro. Then, the allocated memory on the stack is freed each time the function returns.
Example
for(int cnt = 0; cnt < 100000; cnt++)
{
T2OLE(sArea);
ptr->PutStringProperty(T2OLE(_T("DATA10")));
}
The stack space consumed is 100000 times the total allocated ineach loop, which is a wide char for each character in each string added together. i.e. Lots!