- str = SysAllocStringLen(NULL, 1023);
- newstr = SysAllocStringLen(NULL, 1023);
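Review bot: both SysAllocStringLen(NULL, 1023) calls run before any argument validation, so the `return MAKE_VBSERROR(VBSE_ILLEGAL_NULL_USE)`, `return DISP_E_TYPEMISMATCH` and `return hres` paths in the switch below exit without freeing either buffer. Either validate the arguments first and allocate afterwards, or SysFreeString both buffers on every error return. The 1023 also needs a comment or a named constant saying where that limit comes from.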
Where does this length come from?
- switch(V_VT(arg + 1)) {
- case VT_NULL:
return MAKE_VBSERROR(VBSE_ILLEGAL_NULL_USE);- case VT_BSTR:
str = V_BSTR(arg + 1);break;- case VT_ARRAY|VT_BYREF|VT_VARIANT:
return DISP_E_TYPEMISMATCH;- default:
hres = to_short(arg + 1, &tmp);if(FAILED(hres))return hres;str[0] = (char)tmp;break;- }
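Review bot: `str` is a BSTR, i.e. a WCHAR buffer, so `str[0] = (char)tmp` truncates the short returned by to_short to 8 bits and then widens it again; the cast should be to WCHAR. In the VT_BSTR case, `str = V_BSTR(arg + 1);` replaces the freshly allocated buffer with the caller's pointer instead of copying its first character into it, which drops the allocation and later treats the caller's BSTR as this function's own; store the character instead (`str[0] = V_BSTR(arg + 1)[0];`), after checking that the argument string is non-empty.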
You only need the first character, right? Then why do you need a full BSTR pointer in the VT_BSTR case? And by assigning it to 'str' you leak the previously allocated buffer. Why cast to (char)tmp?
- else if(len == 0)
newstr = '\0';
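Review bot: `newstr = '\0';` assigns the character constant to the pointer itself, so newstr becomes NULL and the buffer from the second SysAllocStringLen is leaked; to return an empty string, write the terminator into the buffer (`newstr[0] = 0;`), or better, defer the allocation until len is known so the len == 0 case does not allocate 1023 characters it never uses.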
Same way you're losing the pointer to the allocated buffer.