Details
P2: Important Description
Win32 CreateProcess requires "[that] all strings in the environment block must be sorted alphabetically by name. The sort is case-insensitive, Unicode order, without regard to locale." according to https://msdn.microsoft.com/en-us/library/windows/desktop/ms682009(v=vs.85).aspx
One real impact that we have observed from this, is when you use a QProcess to launch a program that then uses ::ShellExecute to open a URL. When ::ShellExecute is requested to open an URL it will prepend the URL to the url handling program (the browser for http URLs), but it will fail to notice the existing Path variable if the sorting of the environment block is wrong. The consequence is that you end with an environment with two Path variables, which can break browser plugins and extensions.
Experiment that demonstrates this issue:
open-slashdot-in-browser.cpp:
#include <Windows.h> #include <Shellapi.h> int main() { ShellExecuteA(0, 0, "http://slashdot.org", 0, 0, SW_SHOWNORMAL); }
Launch this program from another program via QProcess:
open-open-slashdot-in-browser.cpp
#include <QCoreApplication> #include <QProcess> int main(int argc, char **argv) { QCoreApplication app(argc, argv); QProcess proc; proc.start(QLatin1String("open-slashdot-in-browser")); proc.waitForFinished(); }
Before running open-open-slashdot-in-browser make sure your browser is not running so single-instancing doesn't ruin the experiment. Then run open-open-slashdot-in-browser. When the browser window pops up there is a good chance the process has two Path variables. This can be checked with process explorer (procexp64.exe). Close the browser and launch open-slashdot-in-browser directly. The opened browser process should now only have one Path environment variable.