On 10/20/2014 19:58, Shuai Meng wrote:

Thank you very much for commenting on this patch.

2014-10-20 0:06 GMT+08:00 Nikolay Sivov <bunglehead@gmail.com mailto:bunglehead@gmail.com>:

    +    str = SysAllocStringLen(NULL, 1023);
    +    newstr = SysAllocStringLen(NULL, 1023);

Where this length comes from?
Well, I tested String on windows xp, and found that 1023 was the
limit, when given a number bigger than that, the output kept the
length of 1023.

Can you add this too as a test? In some compact way if possible.

    +    switch(V_VT(arg + 1)) {
    +    case VT_NULL:
    +        return MAKE_VBSERROR(VBSE_ILLEGAL_NULL_USE);
    +    case VT_BSTR:
    +        str = V_BSTR(arg + 1);
    +        break;
    +    case  VT_ARRAY|VT_BYREF|VT_VARIANT:
    +        return DISP_E_TYPEMISMATCH;
    +    default:
    +        hres = to_short(arg + 1, &tmp);
    +        if(FAILED(hres))
    +            return hres;
    +        str[0] = (char)tmp;
    +        break;
    +    }

You only need first character, right? Then why do you need a full
BSTR pointer in VT_BSTR case? And assigning it
to 'str' you leak a previously allocated buffer. 

So how do I get the first character of (arg + 1)? How about this: str[0] = * V_BSTR(arg + 1) In fact I don't quite understand how SysAllocStringLen work, but I see it is used in the former function, so I think maybe it is necessary.

What I don't get is why do you allocate 'str' at all, it should be just 'WCHAR ch;' variable.

Why cast to (char)tmp?

I think the type of str[0] is WCHAR, and tmp is an integer, shouldn't we make a cast?

WCHAR is 'unsigned short'. And it feels like it needs more tests for other variant types.

    +    else if(len == 0)
    +        newstr = '\0';

Same way you're losing pointer to allocated buffer.

On 10/23/2014 21:07, Shuai Meng wrote:

Thanks for commenting.

2014-10-21 0:20 GMT+08:00 Nikolay Sivov <bunglehead@gmail.com mailto:bunglehead@gmail.com>:

On 10/20/2014 19:58, Shuai Meng wrote:

...

Thank you very much for commenting on this patch.

2014-10-20 0:06 GMT+08:00 Nikolay Sivov <bunglehead@gmail.com
<mailto:bunglehead@gmail.com>>:

        +    str = SysAllocStringLen(NULL, 1023);
        +    newstr = SysAllocStringLen(NULL, 1023);

    Where this length comes from?
    Well, I tested String on windows xp, and found that 1023 was
    the limit, when given a number bigger than that, the output
    kept the length of 1023.

Can you add this too as a test? In some compact way if possible.

I tried again and I found that maybe you were right. The number of 1023 was got like this: I wrote vbscript with a common text editor on xp, and save it as xx.vbs, then double clicked it. I used this method and found that MsgBox String(1024, 65) only printed "a...(the length is 1023)....a". Tragedy is today I write MsgBox Len(String(1024, 65)), and it prints 1024! It's the same with the other numbers greater than 1023! So I was cheated yesterday. The true limit may be 32768 * 16384 * 1.25， but I am not sure. I need to know the exact limit of the length of the string subtype, however experiments show difference with the documents of microsoft which claims the limit is about 2 billion.

In that case we don't care about exact limit if any. Just allocate what's requested and fail with proper error code if allocation failed.