OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Alex Shevchuk (ashevchukCORILLIAN.COM)
Date: Thu Mar 21 2002 - 13:07:11 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    In order to understand that the code is fundamentally broken,
    take a look at _bstr_t class in comutil.h.
    See the difference in implementation between

    _bstr_t& _bstr_t::operator=(const _bstr_t& s)

    and

    _bstr_t& _bstr_t::operator=(const wchar_t* s), for example.

    Because scope of batrval2 is limited by ExtractAddErrInfo,
    class Data_t inside batrval2 will be in the stack and all
    assignments will have references to that Data_t.
    So, on exit from ExtractAddErrInfo we will have reference
    in _bstr_t val to something which does not exist anymore.

    > -----Original Message-----
    > From: Syed.Alam [mailto:Syed.AlamTARGET.COM]
    > Sent: Thursday, March 21, 2002 9:18 AM
    > To: DCOMDISCUSS.MICROSOFT.COM
    > Subject: Re: bug in _bstr_t ????
    >
    >
    > hmmm....I do not see anythign wrong in the code, or _bstr_t
    >
    > When comipler creates temp instance of _bstr_t, it is there
    > until assigned
    > to caller's instance. if u see the BSTR value of _bstr_t in caller's
    > context, it will be same BSTR as allocated inside the static function.
    >
    > this code is running fine on my PC (VC 6.0).
    >
    > have u run it on ur PC?
    >
    >
    >
    >
    > -----Original Message-----
    > From: Alex Shevchuk [mailto:ashevchukCORILLIAN.COM]
    > Sent: Thursday, March 21, 2002 10:59 AM
    > To: DCOMDISCUSS.MICROSOFT.COM
    > Subject: Re: bug in _bstr_t ????
    >
    >
    > _bstr_t class is using reference counted BSTR inside this class.
    > What is happening here is that when you return _bstr_t from
    > ExtractAddErrInfo, C++ is creating temporary instance, which
    > will live only during assignment operation to _bstr_t val and
    > it will be destroyed right after assignment operation.
    > It means, that val now has a pointer to already destroyed
    > BSTR, hence crash when it is trying to destroy it again
    > in the destructor.
    > I am not judging your design of ExtractAddErrInfo function, so
    > the easiest way to fix it is:
    >
    > _bstr_T val = CErrorUtil::ExtractAddErrInfo(bstrIn).Copy();
    >
    > This is not a bug in _bstr_t, just improper use of it.
    >
    > Regards,
    >
    > Alex Shevchuk
    >
    >
    >
    >
    > > -----Original Message-----
    > > From: S.Pradhan [mailto:sabyasachi.pradhanKLA-TENCOR.COM]
    > > Sent: Wednesday, March 20, 2002 8:26 PM
    > > To: DCOMDISCUSS.MICROSOFT.COM
    > > Subject: bug in _bstr_t ????
    > >
    > >
    > > I have the following problem.
    > >
    > > I have a win32 Dll(non COM ordinary Dll).The dlll exposes a
    > > method which
    > > takes in a _bstr_t as a parameter and returns a _bstr_t
    > > parameter.Inside the
    > > method i do some manipulation with the passed in bstr and
    > > return it.When i
    > > call it from another application(say a console app), the
    > > function returns
    > > succesfully, but at the caller app when the returned bstr
    > > goes out of scope
    > > it crashes.
    > > Why does it happen so.If i replace _bstr_t with CComBSTR or
    > > _variant_t data
    > > type, everything works fine without any problem.
    > > Look like there is a bug in _bstr_t.
    > >
    > > I know all of you might say, that i am not handling the
    > > memory properly when
    > > i manipulate the bstr in the method and return.Hence i am
    > > giving the code
    > > here.
    > >
    > > Pl et me know if i am doing anything wrong here fundamentally
    > > or there is a
    > > problem with _bstr_t.
    > >
    > > The error.h file of the win 32 DLL
    > >
    > > **************************************************************
    > > ************
    > > #ifdef ERROR_API_EXPORT
    > > #define ERROR_API __declspec(dllexport)
    > > #else
    > > #define ERROR_API __declspec(dllimport)
    > > #endif
    > >
    > > #include<comdef.h>
    > > //#include<atlbase.h>
    > > class ERROR_API CErrorUtil
    > > {
    > >
    > > public:
    > > static _bstr_t ExtractAddErrInfo(_bstr_t bstrErrMessage);
    > > private:
    > > // This class is not meant to be instantiated; therefore,
    > > the constructor
    > > is
    > > // made a private member.
    > > CErrorUtil(void);
    > > };
    > >
    > > **************************************************************
    > > ***********
    > >
    > > The error.cpp of the win 32 DLL
    > >
    > > **************************************************************
    > > *************
    > > #include "error.h"
    > >
    > > _bstr_t CErrorUtil::ExtractAddErrInfo(_bstr_t bstrErrMessage)
    > > {
    > >
    > > _bstr_t batrval2("Pradhan");
    > > bstrErrMessage=batrval2;
    > >
    > > return bstrErrMessage;
    > >
    > > /*tried with Following line, still it crashes */
    > > //return bstrErrMessage.copy() ;
    > > //return ::SysAllocString((OLECHAR*)bstrErrMessage);
    > >
    > > }
    > >
    > > **************************************************************
    > > *************
    > >
    > >
    > > Console client.cpp
    > > **************************************************************
    > > *************
    > > #include<comdef.h>
    > >
    > > #include "D:\Scratch Area 2\testproject\Error\error.h"
    > > #include<stdio.h>
    > > void main()
    > > {
    > > CoInitialize(NULL);
    > > try
    > > {
    > > _bstr_t bstrIn="Rajesh";
    > > _bstr_t val=CErrorUtil::ExtractAddErrInfo(bstrIn);
    > >
    > > }///it crashes here, when the _bstr_t val gets destroyed.
    > > catch(_com_error &e)
    > > {
    > >
    > > }
    > > CoUninitialize();
    > > }
    > > **************************************************************
    > > *************
    > >
    > > ----------------------------------------------------------------
    > > Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
    > > contains important info. Save time, search the archives at
    > > http://discuss.microsoft.com/archives/index.html .
    > > To unsubscribe, mailto:DCOM-signoff-requestDISCUSS.MICROSOFT.COM
    > >
    >
    > ----------------------------------------------------------------
    > Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
    > contains important info. Save time, search the archives at
    > http://discuss.microsoft.com/archives/index.html .
    > To unsubscribe, mailto:DCOM-signoff-requestDISCUSS.MICROSOFT.COM
    >
    > ----------------------------------------------------------------
    > Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
    > contains important info. Save time, search the archives at
    > http://discuss.microsoft.com/archives/index.html .
    > To unsubscribe, mailto:DCOM-signoff-requestDISCUSS.MICROSOFT.COM
    >

    ----------------------------------------------------------------
    Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
    contains important info. Save time, search the archives at
    http://discuss.microsoft.com/archives/index.html .
    To unsubscribe, mailto:DCOM-signoff-requestDISCUSS.MICROSOFT.COM