Jacek Caban (@jacek) commented about dlls/mshtml/htmlattr.c:
HTMLDOMAttribute2_cloneNode
};
+static inline HTMLDOMAttribute *impl_from_DispatchEx(DispatchEx *iface) +{
- return CONTAINING_RECORD(iface, HTMLDOMAttribute, dispex);
+}
+static void HTMLDOMAttribute_unlink(DispatchEx *dispex) +{
- HTMLDOMAttribute *This = impl_from_DispatchEx(dispex);
- VariantClear(&This->value);
When unlink is initiated by CC, you can't assume that there are no more refs, only that CC expects that after unlinking there will be no more refs. Since we don't control value's destructor, the object should be in a consistent state while calling it. For all we know it may call `get_nodeValue`. In practice we don't care what exactly we do in such an obscure case, but returning a dispatch that we don't own a ref to is never right.
We could instead have a helper like `unlink_variant` which would just do something like `if(V_VT(v) == VT_DISPATCH && V_DISPATCH(v)) unlink_ref(&V_DISPATCH(v));` and leave `VariantClear` for the destructor.
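The ordering issue raised in this comment, as an added stand-alone example (not Wine code and not part of the merge request): a toy refcounted object whose destructor re-enters its holder, run against a clear-in-place unlink and a detach-then-release unlink. The `obj`, `holder` and function names are hypothetical stand-ins for the held dispatch, the attribute and its getter.

```c
#include <stdlib.h>

/* Hypothetical stand-ins, not Wine types: a refcounted object whose
 * destructor calls back into the holder that owns a reference to it. */
struct holder;
struct obj { long ref; struct holder *owner; };
struct holder { struct obj *value; int saw_dying_ref; };

/* What a re-entrant getter (think get_nodeValue) would hand out. */
static struct obj *holder_get_value(struct holder *h) { return h->value; }

static void obj_release(struct obj *o)
{
    if (--o->ref) return;
    /* Destructor we do not control: it re-enters the holder. */
    if (holder_get_value(o->owner) == o)
        o->owner->saw_dying_ref = 1; /* holder still exposes the dying object */
    free(o);
}

/* Clear-in-place: release first, reset the field afterwards. */
static void unlink_in_place(struct holder *h)
{
    if (h->value) obj_release(h->value);
    h->value = NULL;
}

/* Detach-then-release: the field is already empty during the destructor. */
static void unlink_detached(struct holder *h)
{
    struct obj *o = h->value;
    h->value = NULL;
    if (o) obj_release(o);
}

/* Returns 1 if the re-entrant getter saw a reference the holder had
 * already released, 0 if it saw an empty field, -1 on allocation failure. */
static int run(void (*unlink_fn)(struct holder *))
{
    struct holder h = { NULL, 0 };
    struct obj *o = malloc(sizeof(*o));
    if (!o) return -1;
    o->ref = 1;
    o->owner = &h;
    h.value = o;
    unlink_fn(&h);
    return h.saw_dying_ref;
}

int main(void)
{
    return !(run(unlink_in_place) == 1 && run(unlink_detached) == 0);
}
```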