==============================================================================
Known Problems With March Win32 SDK
==============================================================================

Microsoft is committed to providing quality products and
encouraging software development. In response to developer
demand we have prepared the following list of bugs. This list
reflects all of the known problems with the March Win32 SDK
utilities, documentation, headers, libraries and APIs as of the
day it was released to manufacturing. It does not include any
system utilities bugs or end-user related bugs.

This list is provided for reference only. It is intended to
prevent programmers from losing valuable time debugging their
Win32 code if, for example, an API is behaving in an unexpected
way. If you are experiencing problems with any of the SDK
components, please consult this list.

While Microsoft clearly wants to release a system with as few
bugs as possible, the appearance of a bug on this list does not
guarantee that it will necessarily be fixed in the next release.
We will continue to post updated lists with each release. These
lists only reflect known bugs at the time of that release. If a
bug no longer appears on the following updated list, then it has
been fixed.  There is no plan to provide interim status
information on these bugs.

Please continue to submit bugs that we have not included on
this list as you discover them. Your feedback is essential to
ensure that Windows NT is a quality product which meets both the
end-user's and the programmer's needs.

Thank you for your feedback and for investing time in testing
and reporting problems.


==============================================================================
Table of Contents:

   Section I - API - User
  Section II - API - GDI
 Section III - API - BASE
  Section IV - Win32 SDK Tools
   Section V - Compiler/ C Run-time
  Section VI - RPC
 Section VII - Winnet/ Winsock
Section VIII - POSIX

==============================================================================
Section I:  API - User

 1. mciSetYieldProc() Always Returns Failure Under WOW

 2. The Call to mciSendString() Succeeds, but the Command Sent is Ignored.

 3. SetAudio() Should Only Allow Volume to 1001; However, Volume Up to 65535
    Are Being Allowed.

 4. Seeking For Data on a CD Containing Data and Audio Will Fail After
    Listening to Audio on the CD

 5. Calling waveOutWrite() with 0 Buffer Length Does Not Post Message

    When waveOutWrite() is called with a header containing a valid Buffer but
    a dwBufferLength of 0, it does not post a MM_WOM_DONE message when a
    callback window is used. This occurs with the MIPSSND and JazzSnd drivers.

 6. Calling SetCaretBlinkTime() Works, but the API Returns FALSE

 7. DDESPY Randomly Returns A Bad Atom

 8. There is a Problem With Unadvising When Multiple Formats Are Used For
    the Same Item

 9. Running Multiple Threads May Cause DDEML Shutdown to Hit an Exception

10. WM_HOTKEYEVENT Is Not Used in the System and Is Mistakenly Included in
    the Header Files.

11. Extended Characters Can Only Be Entered From the Numeric Pad

    Holding down the ALT key to enter extended characters only works if the
    NUM LOCK is on, and the number keypad is used. Without the NUM LOCK on,
    attempting to use the standard numeral keys doesn't work. The machine
    just beeps.

12. CheckMenuItem() & EnableMenuItem() Return Wrong Error Code

    When a menu handle of 0xFFFFFFFF is passed into CheckMenuItem or
    EnableMenuItem, the return from GetLastError() is not
    ERROR_INVALID_MENU_HANDLE (1401L). It is ERROR_INVALID_HANDLE instead.

13. WM_NCLBUTTONUP Message Missing From Double-click

    Under Windows 3.x, the results of double clicking on a menu item are:

        WM_SETCURSOR (lParam==WM_LBUTTONDOWN)
        WM_NCLBUTTONDOWN
        WM_SETCURSOR (lParam==WM_LBUTTONDOWN)
        WM_NCLBUTTONDBLCLK
        WM_NCLBUTTONUP

    Running a Win16 or Win32 binary under Win32 results in the same as above
    less the final WM_NCLBUTTONUP

14. Caret Can Move Outside of Multi-line Edit Controls With Horz Scroll Bars

    To demonstrate the behavior follow these steps:

        1) Run generic and bring up the About box
        2) Enter characters (> 3) in the edit controls
        3) Press <Home> to bring the caret to the beginning of the edit
           control
        4) Now press the right arrow in the horz scrollbar. The caret will
           move outside of the left edge of the control. To make this more
           noticeable, try 10 or more characters.

15. GetWindowLong( NULL, 0 ) Causes the Calling App to Hit a Client-side
    Access Violation if it is the First USER API Called

16. CreateBitmap() Doesn't Work Unless the Device and Icon Color Depth Match

17. CreateIconFromResource() Doesn't Work Correctly for Color ver2 Icons

18. Combo-box Listboxes Are Never Being Freed

19. If a Call is Made to MessageBox() With Parent = NULL Doing an Alt-tab
    Causes a Fault.

20. Passing a NULL HICON to DrawIcon() Should Return FALSE. It Currently
    Returns TRUE.

==============================================================================
Section II:  API - GDI

 1. DEVMODE Structure's DM_INTERLACED Field Not Expandable in Helpfile

 2. Print Manager Device Color/Halftone Properties, Pixel Diameter Incorrect

 3. Halftone Fails When Source is 16-bit DIB

 4. MaskBlt() Fails to Apply Mask When Printing on PSCRIPT

 5. Printer Drivers Report Incorrect wcFirst, Last, Break, Default to GDI

 6. StretchDIBits() With RLE Bitmaps Broken

 7. GetDIBits() Does Not Fill Bits in For RLE For 8 bpp

 8. Patterned Pens Fail With 4 bpp VGA Modes

 9. StretchDIBits() Monochrome Puts is Off By One in the y-axis

10. ArcTo() With an Empty Bounding Box Produces Inconsistent Output When
    A Transform is Applied.

11. Bitmap w/palette Fails to Output Text With Compatible DIB

12. Access Violation From CreateDC( NULL, ...)

13. StretchBlt/PlgBlt() Do Not Appear Properly for Non-zero Origin

14. Blt() is Slow for ROPS(6666,cc66,e2e2)

15. FONTS: FS_ERROR using Stencil font

16. GetTextMetricsW() Returns Wrong tmLast For TT, Vector Fonts

17. Access Violation If FO_HGLYPH is Returned By PSCRIPT Driver

18. Rasterizer Error: 0x1201, POINT_MIGRATION_ERR, Printing to Laserjet IID

19. SetDIBitsToDevice() Causes Exception in WOW on x86

20. ulPalReserved in GDIINFO is Ignored

21. DeviceCapabilitiesEx() Does Not Work

22. BITMAP Structure Field bmWidthBytes Should Be WORD Aligned

23. 16 bpp Output Does Not Map Colors Correctly When Printing

24. StretchDIBits() Ignores Clipping Region When Printing If Either x or y
    Extent is Negative

25. MaskBlt() With Color Palette Broke in PSCRIPT

26. PaintJet Will Not Output MaskBlt() Correctly for 16 bpp

27. PolyTextOutA/W() Are Not Deallocating Memory Properly

28. METAFILE32: MaskBlt()/Negative Extents Fails With Scaling or Rotation

==============================================================================
Section III:  API - Base

 1. GET_PARTITION_INFO IOCtl May Return Bad Info in the Boot Indicator,
    Recognized Partition, and Rewrite Partition Fields

    You can get the correct information from the GET_DRIVE_LAYOUT IOCtl.

 2. Wrong Error For Opens That Fail Due to Sharing Violations on NTFS
    Partitions

    The error code returned is for Path Not Found instead of the error code
    for Access Denied.

 3. Read-only File On NTFS May Be Overwritten

    If CreateFile() is called with CREATE_ALWAYS specified, and the name of an
    existing, read-only file on NTFS, the file will be overwritten.

 4. Debug Privilege Is Not Enforced

 5. Some Events Are Incorrectly Audited

    This includes invalid password, taking ownership, local group
    creation/deletion.)

 6. Some Connections to a Windows NT Machine Are Left Around Forever

    This happens when the client is verified as who it claims to be, but the
    policies are set up on the server to not allow that person on.

 7. MEP Does Not Accept Extended Characters Entered Using Numeric Keypad

 8. The Redirector Does Not Yet Support the Alternate Data Streams of NTFS

 9. MoveFile() Will Not Move Files to a Directory That is Marked as Read-only

10. MoveFileEx(... MOVEFILE_DELAY_UNTIL_REBOOT | MOVEFILE_REPLACE_EXISTING)
    Will Not Work If the Destination File Exists

    This only is a problem with HPFS partitions on MIPS machines.

11. HeapCreate() Called With cbMax=0 Will Fail If 1 < cbInitial < 192

12. GlobalSize() May Fail If It Is Called With a Non-memory Handle

    GetlastError() reports ERROR_INSUFFICIENT_BUFFER (122).

13. HeapAlloc APIs Are Prototyped as LPSTR and Not LPVOID

    Affeccted APIs include: HeapAlloc(), HeapReAlloc(), HeapSize() and
    HeapFree().

14. FormatMessage() Word-wraps Incorrectly, Resulting in Lines That Are Too
    Long

15. LockResource() On Handle Returned by FindResource() Works as Expected, Not
    As Documented

    This may be a doc bug, but it may be an API bug.

16. WideCharToMultiByte() May Improperly Convert Strings That Begin With a
    Non-spacing Character

17. Two Processes Can Successfully Open the Same Tape Device

    This happens even if the sharing flags are set to exclusive access.

18. GetFileVersionInfoSize() May Fail Without Properly Setting the Last Error

19. GetFileVersionInfo() Does Not Honor the Buffer Size That is Passed In

    It is possible that the API will overwrite some of the data if the buffer
    that is passed in is too small.

==============================================================================
Section IV:  Win32 SDK Tools

 1. WinDbg Should Check If DLL Has Changed When Reloading

    Symbols are not actually reloaded, therefore the DLL should be checked to
    see if it has changed and the symbols reloaded.

 2. WinDbg Does Not Support 64-bit integers in MIPS Expression Evaluator

 3. WinDbg DM Gets Wrong Exe Name For Non-root Processes

 4. WinDbg Does Not Allow Editing in Locals, Watch, and FP Windows

 5. Expanding Item in WinDbg Locals Window Causes Shift

    Open the Locals window, size so that a vertical scroll bar appears.
    Scroll so that the last expandable item is in view. Expand the item.
    The view shifts to the top of the list of locals.

 6. Update In One Memory Window Does Not Similarly Change Second Window

    Open two Memory windows in WinDbg. Changes to data in one window
    are not reflected in the other window until it gets the focus.

 7. Problems Paging in WinDbg in 10-byte Real Format on x86

    Do the following:

        windbg generic
        p
        Select Window.Memory
        Enter "eip" for address.
        Select 10-byte real format
        Page down

    The address originally at the bottom should be up at top, but this
    address is well off the top of the screen.

 8. WinDbg Expression Evaluator Fails With (float)**fPtr and (double)**dPtr

    The values are displayed as integers, not as reals.

 9. Radices Under WinDbg

    Only radix 16 overrides are acceptable when the default radix is 10. All
    radix overrides (0o, 0x, 0t) should be accepted.

10. WinDbg Incorrectly Displays 10-byte Floating Point Variables

11. Local Symbols Not Available in Exception Filters under MIPS WinDbg

12. MIPS WinDbg Stack Traces Fail

    The argument values and stack offsets vary widely.

13. MIPS WinDbg Status Register Bits In Register Window Not Complete

    imsk components are displayed as int0-int5, int6&int7 are missing
    rp, fr, re, ds (and components) and ie are not displayed
    kuo, ieo, kup, iep, kuc, iec are defined for R2000, R3000, and R6000,
        but not the R4000
    There are other coprocessor 0 registers that should be added

14. Maximum State of WinDbg Not Restored When Using Workspace

15. WinDbg Breakpoints in Workspace Are Not Highlighted, but Appear With bl

16. WinDbg Breakpoint Not Highlighted if Breakpoint Is Set On Unopened File

17. Default Display Format for Doubles in WinDbg Not Precise

18. WinDbg Remote Options.Transport DLLs.Change Should Be Grayed Until A
    Change Is Made in an Edit Field

19. WinDbg ed Command Takes Negative Numbers, eb and ew Do Not

20. Problems With WinDbg Conditional Breakpoints

    After stepping over a function which has a conditional breakpoint which
    fails (i.e. continues), the breakpoint set to end the step is cleared, so
    this behaves like a Go.

21. WinDbg Breakpoint Highlight Not Removed By bc or Unresolved bp Dialog

22. WinDbg Locals Windows Collapses Expanded Structs On Scope Change

23. Stack Overflow Missing from WinDbg Exception List

24. Executable Cannot Be Overwritten After WinDbg Run.Stop Debugging,

25. Field Outside WinDbg Locals Window Will Not Get Change Highlight Color

26. WinDbg Watch Window Backtab Does Not Work Properly

27. Hitting Breakpoint During Step Does Not Work Correctly

28. WinDbg Assertion

    Assertion failed - Line:280, File:D:\nt\private\windbg\windbg\apisupp.c
    Condition:LppdCur

29. WinDbg Assertion

    Assertion Failed - Line:1061, File:D:\nt\private\windbg\windbg\codemgr.c
    Condition:FindDoc(SrcFname, &doc, TRUE)

30. WinDbg Message "error loading DLL" Can Be Misleading

    This message may occur when a bad name is read from the registry.

31. Disasm Window Gets Incorrect Starting Offset

    Open the disasm window. Step. Open the disasm window. The address for a
    dump of the disasm is 0:0, not the program counter.

32. Boolean Expressions Containing Registers May Be Evaluated Incorrectly

33. Results of Boolean Expressions Should Be int, Not short

34. WinDbg Exit Differs Using File.Exit and q (in Command Window)

35. Starting WinDbg Under Checked Build Results in "Invalid Window Handle"

36. Can Not Change the Value of Array Members Under WinDbg

37. WinDbg File.Open Dialog Does Not Remember Previous File Type

38. Breakpoint Highlight Not Shown In WinDbg

    Open a source file, scroll down and set a breakpoint. Close the file. Open
    the file and scroll down. The breakpoint is not visible, but it is
    correctly set.

39. WinDbg Locks Up After CXX0002: Error: error accessing user memory

    Due to a problem that the expression evaluator has with static function
    calls.

40. WM_CANCELJOURNAL Message Missing From WinDbg Breakpoint Message List

41. ? func() and ? MyClass::Func() Do Not Behave the Same

    For the former, the address and prototype are dumped. For the latter, the
    expression is evaluated.

42. dc func and dc MyClass::Func Do Not Behave the Same

    For the former, the function is disassembled from its beginning. For the
    latter, disassembly begins at address 0.

43. Text Selection Does Not Work in WinDbg Watch Window

44. Text Selection in WinDbg QuickWatch Window Leaves Caret in Odd Location

45. WinDbg Windows.Arrange Icons Not Activated For Certain Icons

    These icons are namely for minimized Watch, Register, or Locals windows.

46. WinDbg Can Not Debug an App Compiled with -Gy and Linked With -order

    This is actually a bug in the linker.

47. WinDbg Remote Disconnect Does Not Unload Transport

48. Incorrect Scrolling For End Key In WinDbg Watch Window

49. WinDbg Does Not Properly Handle WinDbg Remote Breaking the Connection

50. OK Button in WinDbg Run.Set Process Dialog Should Be Gray Unless Process
    is Selected

51. WinDbg Breakpoints Resolved After Module Load Are Not Colored

52. Horz. Scrollbars in WinDbg Locals, Watch, Registers Windows Can Scroll
    Too Far

53. WinDbg dc Command Should Only Disassemble 8 Instructions

54. Problems With WinDbg QuickWatch Window

    After opening the window, both the Change and Add buttons are marked as
    selected. The Watch Expression box is not selected. It may contain a
    garbage character left over from the last window in focus.

    The button labeled "Add" should be qualified as "Add to Watch Window". To
    enter into QuickWatch List, hit enter.

55. WinDbg Issues Bad Message When Changing Focus With New Untitled Window

    To reproduce, open a new file, focus away from WinDbg, restore focus to
    WinDbg. WinDbg says "UNTITLED 1 No longer exists on disk, use
    File.Save to restore it".

56. LPSTR Array Elements Not Displayed in Watch Windows in MIPS WinDbg

57. WinDbg Does Not Find Source If the Executable Name is Fully Qualified

58. Format Specifiers Should Not Be Allowed on Structures in WinDbg Watch
    and Locals Windows

59. Problem With WinDbg Exception Names that Contain a Slash

    Go to the Options Menu and choose Debug. Go to Exceptions, select
    "I/O Error in Paging". The data is not copied into the proper edit boxes.
    Press the Enable button, the text associated with the exception changes
    to "Unknown".

60. WinDbg Cannot Set Message Breakpoint if WndProc Is In a DLL

61. WinDbg Caret Not Placed After Command Prompt On Startup

62. WinDbg attach Command Does Not Accept Radix Overrides

63. WinDbg Disassembly Window Not Updated After Tracing Into DLL With No
    Symbolic Information

64. Changing Symbol Load State of USER DLLs Requires Debuggee Unload

65. WinDbg Run.Toggle Source/Asm Mode Only Goes From Asm Mode To Source

66. WinDbg ln Command Outputs Import Data

67. Access Violation From WinDbg When Terminating After Failed Connection

68. Cannot Re-Add Deleted Exceptions In WinDbg Exception Dialog

69. ListBox in WinDbg Edit.Find Does Not Retain History

70. WinDbg Ctrl-] Does Not Ignore Characters Inside Quoted Strings

71. WinDbg Locals Window Does Not Display Variables After Run.Stop Debugging

    Do Run.Stop Debugging, overwrite the executable, then go back to WinDbg.
    The Locals windows will not display anything until it is closed and
    re-opened.

72. WinDbg Does Not Use Access Token of Original Primary Thread

73. WinDbg Asserts When Attempting to Copy A Large Amount of Text from
    Disasm Window

    Assertion Failed - 2522 edit.c
    YL <= YR && YR < Docs[v->Doc].NbLines

74. WinDbg Disasm Window Not Always Autoscrolled When Selecting Text With
    Mouse and the Mouse is Below the Window

75. Files Cannot Be Saved in WinDbg When Iconized

76. Cannot Always See Last Line Of WinDbg Command Window

77. WinDbg Scrolls Horizontally When Selecting Block

78. WinDbg May Confuse Source Files

    For example, suppose an app has two source files that have the same name
    (but live in different directories). You may not be able to set
    breakpoints in the files.

79. WinDbg Wants to Instantiate Breakpoint in More Than One Location

    This can happen with functions defined in C++ header files included in
    more than one source file.

80. WinDbg Remote on Win32s Should Only Allow One Instance To Be Run

    This is because WinDbg's DLL uses instance global data, which is not
    supported on win32s.

81. WinDbg Should Be Able to Disambiguate Functions that Can Be Thunks

    Take GetMessageA(). dc GetMessageA disassembles memory starting at the
    thunk for GetMessageA(). bp GetMessageA() sets a breakpoint at the start
    of the function GetMessageA() in USER32.DLL.

82. Inconsistent Thread/Process State When Thread is Blocked

    The thread is Running but the process is Not Running.

83. WinDbg Cannot Disassemble cmpxchg, invd, invlpg, and wbinvd

84. WinDbg DOC Errors

    Debug.Breakpoints Dialog:
    Under Status, V should indicate that the address for the breakpoint has
        been obtained, but the breakpoint has not been set in memory
    No mention of Process or Thread fields
    No mention of Message or Modify buttons
    Breakpoints types in help do not match those in the combobox
    Options.Debug.User DLLs dialog:
    DLL List contains DLL Name, Loaded, Not Loaded, Suppress, Suppressed,
        Local
    To enable/suppress the loading of debug info for a DLL in the DLL list,
        select the DLL, click Load/Suppress, then click Modify
    No mention of Defaults or Browse buttons
    Search Path field can be found in the User DLLs.Defaults dialog
    Options.Debug.Debugger DLLs dialog help is outdated
    Dialogs which have no help:
    Debug.Breakpoint.Message
    Options.Debug.User DLLs.Defaults
    Help.Contents.Quick Look.Key to the Toolbar.Go has a description of Source
        files. This is left-over from QCWIN. It is not possible to build the
        project using WinDbg.
    Options.Watch.Help brings up help for Debug.Watch Expression
    Additions to Debug.Quickwatch help
    In order to do the quickwatch, the item must be in scope
    A carriage return is required after editing the expression box
    Expressions can be added to the watch window
    Edit.Find popup box for Find Options lists these non-existent options
    Wrap on Search
    Prompt on Wrap
    Contents.Quick Look.Shortcut Keys for Debugging gives Ctrl-F9 as the
        accelerator for Modify Variable, which does not exist
    Options.Environment.Help maps to Debugger Options help
    No help exists for Toggle Source/Asm mode
    Assemble command listed in Command Window Reference is not supported
    Display Memory in Command Window Reference contains self-referential link
    Go command does not support g=startaddress syntax

85. Certain STATUS Codes Should Be Defined As Exceptions in WINBASE.H

    STATUS_ILLEGAL_INSTRUCTION
    STATUS_NONCONTINUABLE_EXCEPTION
    STATUS_INVALID_DISPOSITION
    STATUS_STACK_OVERFLOW

86. Symbolic Constant Needed for WaitForSingleObject() Error Return

87. RC Incorrectly Processes Extra Zero-containing Strings

    The result is that VerQueryValue() returns an incorrect length.

88. RC Cannot Compile An Empty Accelerator Table

89. RC Should Remove Temporary Files If Terminated

90. SPY Should Report That You Cannot Spy on Console Windows

91. Windiff Does Not Report Error When Printing With No Printer Installed

92. CAP Fails on COFF.EXE

93. CAP Profiler Does Not Support Dynamically Loaded DLLs

94. CAP Does Not Work Properly With Multi-threaded Apps

    The data for threads that are terminated is not separated from that of new
    threads with the same ID.

95. CAP Does Not Report Accurate Times for Routines With No Return

96. MS-TEST: WButtonExists() Does Not Find Button

97. MS-TEST: ComboSelText() Cause GP Fault With App Being Tested

98. MS-TEST: Ctrl+Esc Does Not Stop Execution of Script

99. Message Compiler Mishandles Null Entries

==============================================================================
Section V:  Compiler/ C Run-time

 1. C Run-time Errors Cause GUI Apps To Die Without Explanation

    The mechanism for reporting C Run-time errors is currently console-based
    only. For example, an integer divide-by-zero in a console app causes the
    C-runtime to print "runtime error R6003 - integer divide by 0" on the
    console, but a divide-by-zero in a GUI app simply kills the app with no
    indication of what caused the failure.

 2. SETJMP.H Lacks extern "C" Declaration

 3. CRT signal() Does Not Always Detect FP Overflow

 4. MIPS: fscanf() Data Must Be Aligned on 32-bit Boundaries

 5. ERRNO.H Has Missing/Conflicting Error Codes

    ENAMETOOLONG and ENOTEMPTY conflict with defines in WINSOCK.H.

    ERRNO.H no longer defines:

        EZERO
        ENOTBLK
        ETXTBSY
        EUCLEAN

6.  -Gr and -Gz Can Cause An Internal Compiler Error

7.  Invalid Syntax and /Gz Can Cause Internal Compiler Error

8.  C1001: codegen.c, line 2453 With _asm loop $

    void main()
    {
      _asm loop $
    }

    Generates: C1001: internal compiler error, compiler file codegen.c,
    line 2453

9.  Static Member Function May Not Be Emitted As COMDAT

10. MIPS: Warning Levels Differ Between cl386 & mcl

11. Bad Line Numbers If Image Contains Multiple Code Sections

12. Page 247 of Tools Manual Should Show 0x4000 as 16K

13. Bad Module Address Generated When a Static Function is Multiply Defined

14. Redirection in Console Via C-runtime Fails

15. Assert Macro Works, but Differs From Microsoft C/C++ 7.0

16. _chdir() Not Only Changes Working Directory, but Also Current Drive

17. MIPS Compiler Flips Order of Bytes of a Denormalized Double

18. Typedef Causes Compiler Error

    typedef  struct rng_struct
    {
       char   *pch;
       short  a;
    } volatile RNGBUF, * volatile RNGBUFP;

    The work-around is to redefine the structure so that it is volatile

    typedef volatile struct rng_struct
    {
       char   *pch;
       short  a;
    } RGNBUF, *RNGBUFP;

19. C1001: Internal Compiler Error, msc1.cpp, line 564

    Can be caused by incorrect code, like the following

    static int
    foo(c)
       char *c
    );

    static int
    foo(c)
    char *c;
    {
       ;
    }

==============================================================================
Section VI: RPC

 1. MIDL: Encapsulated Unions Do Not Check Case Range

    union This switch(boolean b) that
    {
        case 1024:
            short s;
    };

 2. MIDL: No Array Bounds Checks In the Following Cases:

    first_is value < min_is (zero) value
    last_is value > max_is value

 3. MIDL: Embedded Open Array of Strings Not Marshalled Correctly

    typedef [string] char FS[80];
    typedef struct _A {
      short s;
      [size_is(s), length_is(s)] FS array[];
      } A;

    void f([in] A *pa);

 4. MIDL: NULL Arrays May Be Incompatible.

    This may not interoperate with other DCE hosts

       void f([in, unique, size_is(*psize)] char array[],[in, out, ref]
           unsigned long *psize);

 5. MIDL: Fixed 2D Array of Fixed String Incompatible

    The following may not interoperate with other DCE hosts

       typedef [string] char FIXED_STRING[80];
       void f( [in, out] FIXED_STRING array[5][5] );

 6. MIDL: Doesn't Compile Implicit_Handle If Type Not Defined

 7. MIDL: Unsigned/signed Warnings For MIDL_ascii_strlen()

 8. MIDL: Error Generated For Pointers to Conformant Arrays

    typedef [string] char array[];

    void proc([in] array *parray);

 9. MIDL: Encapsulated Union Doesn't Check Case 1

    typedef union EUA switch(small sw) A
    {
        case 0:
            long l;
        case 1:
            long al[2];
    } ENCAP_UNION_A;

10. MIDL: MIPS Version of MIDL Doesn't Spawn MCL By Default

11. MIDL: Stubs Infinite Loop/GPF For Arrays > 65535 Elements

    A fixed or conformant array using size_is(), or a varying array using
    last_is() which has > 65535 elements on NT clients will loop forever.

12. MIDL: Problem With Import Mode, Structures and Callbacks.

    If import mode is not OSF (i.e. defined_single), and the interface has at
    least one callback, then the fgs routines are not produced if a structure
    which needs them is in a RPC.

13. MIDL: When No Disk Space Left, MIDL Ignores.

14. MIDL: MIDL Keeps Half-completed File After Errors

    After errors in writing to the stub files occur, the MIDL compiler
    doesn't remove affected files, even though they are half done and cannot
    C compile.

15. MIDL: Wrong Code Generated For Array Types

        typedef unsigned short LINEBUF[ MAX_BIFSIZE ];
        LPVOID psBuf;
        Func(<other arguments>, (LINEBUF *) psBuf );

    Generates:

        Func(<other arguments>, &psBuf );

    Which should generate psBuf, or &psBuf[0].

16. MIDL: No Error Given For Union of Unions

    typedef [switch_type(short)] union _U1 {
        [case(1)] char c;
        [default] short s;
    } U1;

    typedef [switch_type(long)] union _U2 {
        [case(1)] short s;
        [default] [switch_is(s)] U1 u1;
    } U2;

17. MIDL: Array Pointers Allowed to Non-encapsulated Unions

18. MIDL: _far Not Given in allocate(all_nodes) Under Small Model

    Client stubs on 16-bit platforms using the small memory model GP-faults.

19. MIDL: No warning for ptr attributes on embedded arrays

    typedef [ref] char CHAR_ARRAY[80];

    typedef struct A
     {
     [unique] char array1[90];
     CHAR_ARRAY array2, array3;
     } A_STRUCT;

    MIDL should produce a warning for each of array1, array2 and array3.

20. MIDL: "typedef [trasmit_as(long)] void XMIT_VOID" Accepted

21. MIDL: Double Error Messages When Context Handle, transmit_as

    typedef [transmit_as(long)] void * XMIT_TYPE;
    void foo( [in, context_handle] XMIT_TYPE cht );

22. MIDL: Arrays of Presented Type Elements Not Implemented

    typedef [transmit_as(long)] ENUM_DAYS XMIT_DAYS;
    foo( [ length_is( len )] XMIT_DAYS  axd[10], long len );

23. MIDL: transmit_as(): Cannot Embed in Structs or Unions

24. MIDL: transmit_as() Accepted When User Cannot Translate Back

    Following cases are accepted by the MIDL compiler in place of FOO
    typedef [transmit_as(whatever)] FOO bar;

        1) a struct with varying fixed-sized array

    this goes against MIDL and IDL specs (although the idl compiler passes the
    varying case without complaining, and of course the stub code seems to
    have appropriate calls.

        2) a struct with a member being a pointer decorated with array
           attributes like:

    [size_is(foo), length_is(bar)] long * pL;

    The point is that when translating from the transmitted type to the
    presented type, the user may/does not have enough information to translate
    things correctly back to the presented type. In this respect, it is quite
    similar to the problem of translating a struct with an open array (and
    open arrays are forbidden).

    The IDL compiler accepts this again and issues calls to the translating
    routine as usual.

25. MIDL: Problems With transmit_as Code Generation

    typedef [transmit_as (long) ] short SHORT;

    typedef struct foo
     {
      SHORT s;
      long l;
     } FOO;

    The sns routines increment the marshalling buffer by 4 rather than
    the actual transmitted size which is 2 + 4 = 6.

26. MIDL: No Error For [transmit_as(handle_t)]

27. MIDL: Presented Types Should Be Black Box

    When dealing with straight types such as:

        typedef long LARR[100];

    We can easily see what the meaning of the following is:

        void foo([in, length_is(len)] LARR arr, [in] long len );

    However the following presents difficulties in interpretation and should
    be forbidden by the compiler.

        typedef [transmit_as(FOO)] long * XMIT_PLONG;

        void foo( [in, size_is(size)] XMIT_PLONG xl, long size );

    or

        void foo( [in, length_is(len)] XMIT_PLONG xl, long len );

    Currently the compiler accepts the first signature and rejects the second
    on the ground that the bounds are not defined. Apparently the
    interpretation is that there is a stream of longs being sent. This is at
    best very misleading. The user is supposed to pass a XMIT_PLONG argument
    (i.e. long *) for translation, the stub would transmit a series of longs
    instead of foos.

    The compiler should issue an error when using array attributes would imply
    going into the black box of the presented type.

    The examples given above considered signatures. The same situations can be
    generated with structs.

28. MIDL: No Error When Unsupported Idempotent Attribute Used

29. MIDL: No Error When Unsupported Shape Attribute Used

30. MIDL: [byte_count] Can Only be Applied to Out Pointer Parms

    /* IDL file */
    void foo([in]      unsigned short  length,
             [in, out] struct foo      *pFoo);

    /* ACF file */
    foo([byte_count(length)] pFoo);

    MIDL didn't generate any error about the [in, out] parameter that
    [byte_count] is applied to.

31. MIDL: No Error For Using error_status_t In An Array

32. MIDL: Unclear Error Messages Given for Hybrid Unions.

    // case 1: Straight C style union.
    typedef union _union_hybrid1 {
        case 1:  short     s;
        case 2:  long      l;
        default: char      c;
    } union_hybrid1;

    // case 2: Non-encapsulated union with encapsulated union arms.
    typedef [switch_type(short)] union _union_hybrid2 {
        case 1:  short     s;
        case 2:  long      l;
        default: char      c;
    } union_hybrid2;

    // case 3: Both non-encapsulated and encapsulated union header
    //         with encapsulated union arms.
    typedef [switch_type(short)] union _union_hybrid3 switch(short s) un {
        case 1:  short     s;
        case 2:  long      l;
        default: char      c;
    } union_hybrid3;

    // case 4: Encapsulated union with non-encapsulated union arms.
    typedef union _union_hybrid4 switch(short s) {
        [case(1)] short     s;
        [case(2)] long      l;
        [default] char      c;
    } union_hybrid4;


33. MIDL: Encapsulated Union Gets [switch_type] Not Defined Error

34. MIDL: 0,1,2,... Out of Short Range Warnings

    typedef [switch_type(short)] _un{
       [case(0,1)] short s;
       [case(2,3)] char c;
    }

35. MIDL: Expression Must Be of Integral Type

    void foo([in, size_is(16)] char *p)
    {
    }

36. MIDL: Case Out of Range For switch_type Not Being Reported

    LONG_MAX is clearly out of range for a short switch_type, but no error or
    warning is reported.

    // case 2: switch_type(short) with case(LONG_MAX)
    typedef [switch_type(short)] union _union_max {
        [case(1)]        short     s;
        [case(LONG_MAX)] long      l;
        [default]        char      c;
    } union_max;

    void MaxMatch([in, switch_is(s)] union_max unmx, [in] short s);

37. MIDL: Negative size_is Not Caught on [out] Conformant Arrays

38. MIDL: long, short, etc Not Recognized as Types With allocate()

    Improper usage of the allocate attribute in the ACF file:

        typedef  [allocate(single_node)] short;

    gives extremely inelegant (and fatal) error message:

    "... syntax error: expecting a type name or identifier"

39. MIDL: allocate() Accepted With void *

40. RpcEpResolveBinding() Problems With NULL IfSpec.

41. Invalid Entry Error (1751) on RPC Server

    After stopping an RPC server, via Ctrl-C several times, error 6d7 (1751),
    EPT_S_INVALID_ENTRY occurs on a call to RpcEpRegisterNoReplace().

42. RpcNsMgmtSetExpAge(0) Problems

    Setting the expiration age to 0 causes the results of subsequent broadcasts
    to be immediately aged off, before they can be passed to the client. Thus
    NO_MORE_BINDINGS unless the server is on the same machine as the client.

43. Error Codes Wrong

    RPC_S_SERVER_NOT_LISTENING --> RPC_S_NOT_LISTENING
    RPC_S_CANNOT_BIND remove
    RPC_S_SERVER_OUT_OF_MEMORY --> ERROR_NOT_ENOUGH_SERVER_MEMORY

44. RpcSeverUseProtseqEp() Bad Return Code

    If a protocol sequence is not supported, CANT_CREATE_ENDPOINT is
    erroneously returned.

45. Wrong Error Code Returned to Client After Server Re-listen

    The server calls RpcServerListen(2,2,*), then stops, then calls
    RpcServerListen(1,1,*). One client makes a call and holds while another
    tries to call. The second one should receive RPC_S_TOO_BUSY, but actually
    receives RPC_S_CALL_FAILED.

46. Division By Zero Value Not Correct

    Client:
    RpcTryExcept
    {
    RaiseDivideByZero();
    }
    RpcExcept(RpcStatusCode() == RPC_S_ZERO_DIVIDE)
    {
    ..
    }
    RpcEndExcept

    Server:
    int _GetZero() { return 0; }

    void RaiseDivideByZero()
    {
      int i = 1000;

      i = i / _GetZero();
    }

    When run on NT locally, exception 0xC0000094 gets raised. This is the
    "true" division by zero exception value. It doesn't get mapped to 1767
    (RPC_S_ZERO_DIVIDE).

    Similar problems occurs for FP underflow exceptions.

47. DOS/Win16 DLL Names Need to Match

    The RPC client DLLs for Win16 and for DOS should match except for the
    extension. This is the model we recommend for developing new transport
    DLLs, and it is required for NetBIOS over something other than NetBeui
    to work.

    This is because the DLL name in the registry is
    "...\ClientProtocols\ncacn_nb_xyz=rpcltc5"

    The Run-time knows to add .DLL or .RPC to the entry value to get the name
    of the DLL to use.  This doesn't work if the Win16 DLL is named
    rpcwltc5.dll.

    Since NT uses two system directories (system and system32) there is no
    name collision between the Win16 and Win32 DLL names.

48. RpcServerListen() Returns Prematurely

    If a client issues a call to a server that causes the server to call
    RpcMgmtStopServerListening(), the client's call can fail. This is because
    there's a race condition in which RpcServerListen() doesn't really wait
    for all in-progress calls to complete. If the server app exits shortly
    after RcpServerListen() returns, the RPC transport's response to the
    client may not occur, in which case the client gets a RPC_S_CALL_FAILED
    error.

49. LRPC Clients Can Hang When Connecting to Server

    1) Start a server listening to an LRPC endpoint.
    2) Quickly start a client to the same endpoint.

    When a server first starts there is a short period of time during which it
    will return 1723 (RPC_S_SERVER_TOO_BUSY). If the client gets this error it
    will then hang during the next call. (The next call should connect..)

    If the client come up to fast it will the 1722 (RPC_S_SERVER_UNAVALIABLE)
    and not hang. If the client takes to long to come up, it will connect and
    everything will run okay.

50. LRPC Server Cannot Call Itself

==============================================================================
Section VII:  Winnet/Winsock

 1. UDP Can Send on Broadcast Address Without SO_BROADCAST

 2. SYN ACK Not Sent Until Application Executes an accept()

 3. Windows Sockets Needs to Abort Connection if Data Received After Shutdown

    If an application shuts down the receive side, then data arrives, Windows
    Socket should abort the connection.  Currently it just throws out the data.

 4. No Error Code is Given with FD_CLOSE if Connection is Aborted

 5. TCP Does not Handle Out of Band Data Correctly

    The scenario is the server sends 10 bytes OOB followed by 100 bytes in
    band. The client does an in band receive and gets the 100 bytes and then
    does an OOB recv which blocks and never completes. The OOB data is
    indicated to Windows Sockets.

 6. Windows Sockets Does not Support Connect Data, Disconnect Data

 7. Windows Sockets Should Define Flags/Codes for Message Mode Sockets

 8. TCP_NODELAY Not Accepted by setsockopt()

 9. -1 accepted as valid buffer length to gethostname()

10. WSAStartup() Returns Incorrect Number as the Maximum Datagram Size

11. recvfrom() - from and fromlen Consistency Problem

    unconnected UDP socket
    recvfrom (from = $addr, fromlen = NULL)       => succeeds
    recvfrom (from = $addr, fromlen = ptr to 0)   => succeeds
    recvfrom (from = $addr, fromlen = ptr to -1)  => succeeds/fills $addr
    recvfrom (from = $addr, fromlen = ptr to 15)  => fails
    recvfrom (from = NULL, fromlen =  ptr to 16)  => fails

12. UDP sendto() Accepts Invalid Options (MSG_PEEK, MSG_OOB)

13. Assert Killing Windows Sockets Application While Getting Connection

    If a server terminates abnormally (GP fault, etc), with clients still
    running attempting to connect, an error can occur.

14. TCP/IP Uses First DNS to Resolve Host; Ignores Others in List

15. CallNamedPipe() Documentation Error

    When CallNamedPipe() is used by a client, the server transition the pipe
    from a closed state to a listening state. The client can overrun the
    server if no delays are between calls.

==============================================================================
Section VIII:  POSIX

 1. time() Does Not Adjust for Daylight Savings Time Properly

 2. localtime() Does Not Adjust for Daylight Savings Time Properly

 3. Calling fclose() on STDIO May Fail.

 4. Calling abort() Does Not Call raise(), So There is No Signal

 5. File Opened With fopen( "test.bat", "a" ) Will Hand on fprintf()

 6. fclose() Incorrectly Returns EISPIPE When There is Not Enough Space to
    Flush Buffered Data

 7. fflush() Ought to Fail When File Descriptor Is Closed, But it Does Not

 8. fputc() Ought to Fail When File Descriptor Is Closed, but it Does Not

 9. fopen() Creates Files With Incorrect Mode (0644 rather than 0666)

10. fopen() Does Not Recognize "b" Mode

The problem occurs when the mode is "rb+" and the file is a directory.

11. gmtime() Returns NULL For Dates Before 1980 (MIPS only)

12. printf() Does Not Return EINTR In Cases Where First Character Fails

13. remove() Is Not Provided

14. asctime() Should Return Days Space Padded, Not Zero Padded

15. There are Multiple Bugs in the tzset(), _isindst() Routines

16. mktime() May Cause An Exception

17. limits.h Should Not Define LINK_MAX nor CHILD_MAX, But it Does

18. Apps Attempting to longjump() Out of Signal Handlers Hang (x86 only)

==============================================================================

