* I don't think we want to make this setting permanent for the time being as
this may result in drawbacks like people using the UEFI Shell going through
an unwanted MD5Sum check because they forgot to turn it off.
* Make them more explicit by ensuring that they use a size suffix.
* Also improve whitespace consistency.
* Also make sure that we display the search for conflicting process message
in the status on a search operation that may timeout.
* Also fix a potential buffer overflow when displaying the detailed HDD vs UFD score due to the
safe_sprintf() macro re-evaluating the expression passed as parameter.
* Also refactor and clean up the safe_###() macros to avoid similar issues.
* Also use FOF_NO_UI as flag for SHDeleteDirectoryExU(), which may alleviate some Alt-D errors.
* As opposed to the ERROR_HANDLE_EOF we get when reading sectors from the VHD file directly, now that we mount
VHD/VHDX for reading, and access them as regular disks, we also need to process ERROR_SECTOR_NOT_FOUND as an
indicator for the end of the drive.
* Also switch to using GetOverlappedResultEx() with a timeout since we no longer have to cater for Windows 7.
* Closes #2468.
* Ubuntu changed their GRUB config format yet again, so our search for the kernel
config no longer works, and the 'persistent' option doesn't get added.
* Switch to a more generic '/casper/vmlinuz' search, though it might have unintended
consequences...
* Also fix a possible double free in FormatExtFs().
* is_in_md5sum() could partially match a string against another one, which, aside from matching
unwanted files, could also lead to files not being identified as being in the md5sum.txt if
the previous partial match happened to be with the current search target.
* Fix this by making sure that we always match a whole path followed by '/n', '/r' or '/0'.
* Not all md5sum.txt (e.g. Ubuntu 24.04) will reference the UEFI bootloader,
so we can't rely on using that data for the bootloader extraction.
* Instead, formally test for the presence of the bootloader on disk.
* The call returned the size occupied in blocks rather than the actual file size,
leading to issues such as Rufus not being able to identify the GRUB version used
by Ubuntu 24.04.
* The static_/safe_ string macros were not properly designed to handle the case where
an expression such as strlen() rather than a static value was passed for the count,
leading to unexpected results, such as excessive truncation of strings. Fix that.
* Also fix a buffer overflow in GetDevices() due to using a wrong string length.
* _snprintf() is not always guaranteed to NUL terminate a string which could
lead to buffer overflows in iso_extract_files() and iso_extract_files().
* Fix this by switching to using the more secure _snprintf_s().
* Vulnerability discovered and reported by Mansour Gashasbi (@gashasbi).
* For good measure, we also switch to the strncat_s() where possible and also
use memmove() instead of memcpy()/strcpy() as the behaviour of the latter on
overlapping memory regions is undefined.
* Also fix some additional MinGW warnings regarding casts and nb_blocks.
* p[safe_strlen(p)] = 0; was pointless and could lead to a buffer overflow if
the string was not already NUL terminated, so remove it and make sure we
process a buffer that either contains legitimate Syslinux version strings
(that are NUL terminated always) or that has been read through read_file()
(that always adds a NUL terminator to the buffer).
* Also fix some whitespaces in related code sections and switch to using
read_file() for GRUB version lookup.
* Vulnerability discovered and reported by Mansour Gashasbi (@gashasbi).
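
The whole-path matching described in the is_in_md5sum() entry above, as an added C example that is not Rufus code. The function names and the sample list are constructed for illustration, and the entry's '/n', '/r' or '/0' are read here as the newline, carriage return and NUL characters (an assumption).

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample in md5sum.txt layout ("<digest>  <path>"); digests are placeholders. */
static const char sample_md5sum[] =
    "00000000000000000000000000000000  ./casper/vmlinuz.efi\r\n"
    "11111111111111111111111111111111  ./casper/vmlinuz\n"
    "22222222222222222222222222222222  ./boot/grub/grub.cfg";

/* Naive lookup (hypothetical): any substring hit counts, so a prefix of a longer path matches. */
static bool in_list_naive(const char *list, const char *path)
{
    return strstr(list, path) != NULL;
}

/*
 * Stricter lookup (hypothetical): a hit only counts when the path is followed
 * by '\n', '\r' or the end of the buffer. A rejected hit does not end the
 * search; scanning resumes one byte further so a later exact entry is found.
 * Only the trailing boundary is checked, as that is all the entry describes.
 */
static bool in_list_whole_path(const char *list, const char *path)
{
    size_t len = strlen(path);
    const char *hit = list;

    if (len == 0)
        return false;
    while ((hit = strstr(hit, path)) != NULL) {
        char next = hit[len];  /* in bounds: at worst the buffer's NUL */
        if (next == '\n' || next == '\r' || next == '\0')
            return true;
        hit++;  /* partial match: keep looking */
    }
    return false;
}

int main(void)
{
    /* "/casper/vmlinuz" first hits inside ".../vmlinuz.efi", then matches line 2. */
    bool a = in_list_whole_path(sample_md5sum, "/casper/vmlinuz");
    /* "/boot/grub" is only a directory prefix: naive accepts it, strict rejects it. */
    bool b = in_list_naive(sample_md5sum, "/boot/grub");
    bool c = in_list_whole_path(sample_md5sum, "/boot/grub");
    return (a && b && !c) ? 0 : 1;
}
```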