From 078227f7ea2a353aae196db4187b161876efafe2 Mon Sep 17 00:00:00 2001
From: Easton Pillay <easton@planeteaston.com>
Date: Tue, 11 Jan 2022 11:38:41 -0500
Subject: [PATCH 1/2] Added check for maximum size of downloaded file names.

---
 src/AppInstallerCLICore/Workflows/DownloadFlow.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/AppInstallerCLICore/Workflows/DownloadFlow.cpp b/src/AppInstallerCLICore/Workflows/DownloadFlow.cpp
index 06fca0ad86..13280ee37b 100644
--- a/src/AppInstallerCLICore/Workflows/DownloadFlow.cpp
+++ b/src/AppInstallerCLICore/Workflows/DownloadFlow.cpp
@@ -64,9 +64,9 @@ namespace AppInstaller::CLI::Workflow
             // Get file name from download URI
             std::filesystem::path filename = GetFileNameFromURI(context.Get<Execution::Data::Installer>()->Url);
 
-            // Assuming that we find a stem value in the URI, use it.
+            // Assuming that we find a safe stem value in the URI, use it.
             // This should be extremely common, but just in case fall back to the older name style.
-            if (filename.has_stem())
+            if (filename.has_stem() && filename.string().size() < MAX_PATH)
             {
                 filename = filename.stem();
             }

From 3d98d798224adeb6d526ba1a723eda7a3be5c94d Mon Sep 17 00:00:00 2001
From: Easton Pillay <easton@planeteaston.com>
Date: Tue, 11 Jan 2022 13:08:04 -0500
Subject: [PATCH 2/2] Added extension to size calculation (per code review).

---
 src/AppInstallerCLICore/Workflows/DownloadFlow.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/AppInstallerCLICore/Workflows/DownloadFlow.cpp b/src/AppInstallerCLICore/Workflows/DownloadFlow.cpp
index 13280ee37b..c8b4c61c17 100644
--- a/src/AppInstallerCLICore/Workflows/DownloadFlow.cpp
+++ b/src/AppInstallerCLICore/Workflows/DownloadFlow.cpp
@@ -63,10 +63,11 @@ namespace AppInstaller::CLI::Workflow
         {
             // Get file name from download URI
             std::filesystem::path filename = GetFileNameFromURI(context.Get<Execution::Data::Installer>()->Url);
+            std::wstring_view installerExtension = GetInstallerFileExtension(context);
 
             // Assuming that we find a safe stem value in the URI, use it.
             // This should be extremely common, but just in case fall back to the older name style.
-            if (filename.has_stem() && filename.string().size() < MAX_PATH)
+            if (filename.has_stem() && ((filename.string().size() + installerExtension.size()) < MAX_PATH))
             {
                 filename = filename.stem();
             }
@@ -76,7 +77,7 @@ namespace AppInstaller::CLI::Workflow
                 filename = Utility::ConvertToUTF16(manifest.Id + '.' + manifest.Version);
             }
 
-            filename += GetInstallerFileExtension(context);
+            filename += installerExtension;
 
             return filename;
         }