I don't know if it's terribly important in practice or not, but it could be better to always initialize out pointer to NULL.
+ hres = IXMLDOMDocument_QueryInterface(xmldoc, &IID_IObjectSafety, (void**)&safety); + if(SUCCEEDED(hres)) { + hres = IObjectSafety_SetInterfaceSafetyOptions(safety, NULL, + INTERFACESAFE_FOR_UNTRUSTED_CALLER | INTERFACESAFE_FOR_UNTRUSTED_DATA | INTERFACE_USES_SECURITY_MANAGER, + INTERFACESAFE_FOR_UNTRUSTED_CALLER | INTERFACESAFE_FOR_UNTRUSTED_DATA | INTERFACE_USES_SECURITY_MANAGER); + IObjectSafety_Release(safety); + if(FAILED(hres)) { + ERR("SetInterfaceSafetyOptions(%p) failed: %08x\n", safety, hres); + IXMLDOMDocument_Release(xmldoc); + return hres; + } + } else { + ERR("QueryInterface(IID_IObjectSafety) failed: %08x\n", hres); + IXMLDOMDocument_Release(xmldoc); + return hres; + }
This looks too complicated to me, I don't think any failure here is critical.