On 04.03.2015 9:19, Shuai Meng wrote:

+�� �� switch(V_VT(arg)) {
+�� �� case VT_NULL:
+�� �� �� �� return MAKE_VBSERROR(VBSE_ILLEGAL_NULL_USE);
+�� �� case VT_BSTR:
+�� �� �� �� bstr = V_BSTR(arg);
+�� �� �� �� break;
+�� �� default:
+�� �� �� �� hres = to_string(arg, &bstr);
+�� �� �� �� if(FAILED(hres))
+�� �� �� �� �� �� return hres;
+�� �� }
+
+�� �� ret = bstr[0];
+�� �� SysFreeString(bstr);
+
+�� �� if(ret == 0)
+�� �� �� �� return MAKE_VBSERROR(VBSE_ILLEGAL_FUNC_CALL);
+�� �� return return_short(res, ret);

This is wrong too. You can't always free it like that, please look carefully at where 'bstr' comes from.