I'm using ReadDirectoryChangesW (Windows API) asynchronously in combination with GetQueuedCompletionStatus. How can I detect a possible buffer overflow to understand that at least one file system change event has been lost?
When using ReadDirectoryChangesW
asynchronously, you will get the first group of events, then you have to call it again for more events. Having more events than fit in your buffer is not an error. Having more events than fit in the OS-level buffer is the error condition, and you find out like so:
ReadDirectoryChangesW
completes successfully. Your buffer is filled, your event handle is set or the IOCP is triggered.ReadDirectoryChangesW
again to begin an asynchronous overlapped operation checking for any events that happened since step 2. This call fails synchronously, with GetLastError() == ERROR_NOTIFY_ENUM_DIR
, or succeeds with dwBytesTransferred == 0
, since the documentation says this also means to re-enumerate the directoryIf the number of bytes transferred is zero, the buffer was either too large for the system to allocate or too small to provide detailed information on all the changes that occurred in the directory or subtree. In this case, you should compute the changes by enumerating the directory or subtree.