Thank you very much for commenting on this patch.

2014-10-20 0:06 GMT+08:00 Nikolay Sivov <bunglehead@gmail.com>:
+������ ������ str = SysAllocStringLen(NULL, 1023);
+������ ������ newstr = SysAllocStringLen(NULL, 1023);
Where this length comes from?
Well, I tested String on windows xp, and found that 1023 was the limit, when given a number bigger than that, the output kept the length of 1023.
+������ ������ switch(V_VT(arg + 1)) {
+������ ������ case VT_NULL:
+������ ������ ������ ������ return MAKE_VBSERROR(VBSE_ILLEGAL_NULL_USE);
+������ ������ case VT_BSTR:
+������ ������ ������ ������ str = V_BSTR(arg + 1);
+������ ������ ������ ������ break;
+������ ������ case������ VT_ARRAY|VT_BYREF|VT_VARIANT:
+������ ������ ������ ������ return DISP_E_TYPEMISMATCH;
+������ ������ default:
+������ ������ ������ ������ hres = to_short(arg + 1, &tmp);
+������ ������ ������ ������ if(FAILED(hres))
+������ ������ ������ ������ ������ ������ return hres;
+������ ������ ������ ������ str[0] = (char)tmp;
+������ ������ ������ ������ break;
+������ ������ }
You only need first character, right? Then why do you need a full BSTR pointer in VT_BSTR case? And assigning it
to 'str' you leak a previously allocated buffer.
So how do I get the first character of (arg + 1)?������ How about this: str[0] = * V_BSTR(arg + 1)
In fact I don't quite understand how SysAllocStringLen work, but I see it is used in the former function, so I think maybe it is necessary.
Why cast to (char)tmp?
I think the type of str[0] is WCHAR, and tmp is an integer, shouldn't we make a cast?������

+������ ������ else if(len == 0)
+������ ������ ������ ������ newstr = '\0';
Same way you're losing pointer to allocated buffer.