Thanks for commenting. 2015-03-04 15:48 GMT+08:00 Nikolay Sivov <bunglehead(a)gmail.com>:
On 04.03.2015 9:19, Shuai Meng wrote:
+ switch(V_VT(arg)) { + case VT_NULL: + return MAKE_VBSERROR(VBSE_ILLEGAL_NULL_USE); + case VT_BSTR: + bstr = V_BSTR(arg); + break; + default: + hres = to_string(arg, &bstr); + if(FAILED(hres)) + return hres; + } + + ret = bstr[0]; + SysFreeString(bstr); + + if(ret == 0) + return MAKE_VBSERROR(VBSE_ILLEGAL_FUNC_CALL); + return return_short(res, ret);
This is wrong too. You can't always free it like that, please look carefully at where 'bstr' comes from.
Yeah, you are right, I am so anxious that I didn't check it carefully. 'bstr' has two source, only when it comes from to_string(), it can be freed with this way.