Is there a limit to the length of a document title in MFC?

I have an MDI app in which I set the document name for each document using SetTitle() as in:

      CString sTitle(lpszTitle);
      sTitle.FormatMessage(IDS_DESIGN_TITLE_FORMAT, (CString(lpszTitle) + L":"), sConfigNameOnly);


sConfigNameOnly is a CString that's 20 characters long.

This all works fine until I go to the "Windows" menu that shows the names of each document and allows me to switch between them - all normal stuff.

The "Windows" menu shows the full title of the document and shows a tootip with the same string when I hover over it , as it should.

The problem is that when a document's name is greater than 61 characters long (unicode in my case) the app crashes with a memory allocation error - the usual old:  

CRT detected that the application wrote to memory after end of heap buffer.

Is there an undocumented maximum length that a document's title can be?  Or am I doing something wrong in this code?

The error is detected on the ::free call in CMFCPopupMenuBar::OnToolHitTest() at line #35:

INT_PTR CMFCPopupMenuBar::OnToolHitTest(CPoint point, TOOLINFO* pTI) const

	if (m_bPaletteMode)
		return CMFCToolBar::OnToolHitTest(point, pTI);

	int nHit = ((CMFCPopupMenuBar*)this)->HitTest(point);
	if (nHit != -1)
		CMFCToolBarButton* pButton = DYNAMIC_DOWNCAST(CMFCToolBarButton, GetButton(nHit));

		if (pButton != NULL)
			if (pTI != NULL)
				pTI->uId = pButton->m_nID;
				pTI->hwnd = GetSafeHwnd();
				pTI->rect = pButton->Rect();

			if (!pButton->OnToolHitTest(this, pTI))
				nHit = pButton->m_nID;
			else if (pTI != NULL && pTI->lpszText != NULL)
				CString strText;

				if (pTI->lpszText != NULL)
					strText = pTI->lpszText;

				CString strDescr;
				CFrameWnd* pParent = GetParentFrame();
				if (pParent->GetSafeHwnd() != NULL && !pButton->IsKindOf (RUNTIME_CLASS(CMFCShowAllButton)))
					pParent->GetMessageString(pButton->m_nID, strDescr);

				CTooltipManager::SetTooltipText(pTI, m_pToolTip, AFX_TOOLTIP_TYPE_TOOLBAR, strText, strDescr);

	return nHit;

Open in new window

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hi allanephillips,

I'm not sure what's the limit for document title is but I'm sure it's not that small coz I just tested it with a MFC application I'm working with, there I can use document title with 200 characters without problem.

I would suspect it has to do anything with tooltip handling. Do you somewhere handle tooltip messages like TTN_NEEDTEXTW or in an overridden OnToolTipText or similar?

Overriding those functionalities can be dangerous because MFC internally in some places used static CStrings to store the text to be shown in a tooltip and just pass a pointer to that string to other message handlers. If somewhere this pointer is used to write a longer string the boundary of the previously allocated string is overwritten which would lead to a similar error as you describe.

looks more that you detected a bug in the mfc.

the TOOLINFO structure passed by pointer to the CMFCPopupMenuBar::OnToolHitTest has a member pointer lpszText to a string buffer of arbitrary size. if the "button" of the popup menu was "hit", the function tries to free the tool tip text pointer if it is not NULL. in debug version the debugger has allocated some extra space behind the requested buffer size and has written a end sequence to that space. when freeing the buffer the debugger looks whether the end sequence has been overwritten somehow and throws the heap error which you encountered.

to find out which function was responsible for writing beyond the buffer size, you should choose "retry" when the error occurs and then look into the stack window. the last function called is CMFCPopupMenuBar::OnToolHitTest and one of the callers up in the stack hierarchy is responsible for allocating space to the pTI->lpszText member. it is a statement like

pTI->lpszText = (LPTSTR) ::calloc((strTipText.GetLength() + 1), sizeof(TCHAR));

Open in new window

if you were successful into locating the allocation statement, you could check why the requested length is too short. in the above statement you would look for the strTipText with the debugger and check whether it contained the full title or not.

you could report the error to Microsoft but as a work around you should use a shorter title.

allanephillipsAuthor Commented:
I did finally track down the problem.  When I searched for where the string was allocated I found that it was in an override OnMenuButtonToolHitTest() that I had created and I had called calloc() incorrectly (passed it the wrong arguments) so the buffer was too small.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
i would recommend to delete the question since the suspected limitation of the mfc title length turned out to be wrong and the final comment the author made actually cannot be looked on as a solution for the question.

i even doubt that it is a solution for the problem. mfc is a c++ framework and using malloc and calloc in an mfc event handler is a recipe for troubles such as crashes or memory leaks. i would assume that there are still issues even if the crash with the title could be avoided.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.