>
>
>
V1060. Passing 'BSTR ' to the 'SysAlloc…


V1060. Passing 'BSTR ' to the 'SysAllocString' function may lead to incorrect object creation.

The analyzer has detected the passing of a string of type 'BSTR' to the 'SysAllocString' function.

BSTR FirstBstr = ....;
BSTR SecondBstr = SysAllocString(FirstBstr);

Copying a 'BSTR' string by passing it to the 'SysAllocString' function may result in a logic error.

BSTR (basic string or binary string) is a string data type that is used by COM, Automation, and Interop functions. BSTR is represented in the following way:

  • Length prefix. A four-byte integer that contains the number of bytes in the following data string. It appears immediately before the first character of the data string and does not include the terminator.
  • Data string. A string of Unicode characters. May contain multiple embedded null characters.
  • Terminator. Two null characters.

A BSTR is a pointer that points to the first character of the string, not to the length prefix.

The 'SysAllocString' function handles 'BSTR' strings in the same way as it does regular wide C strings. It means that if the string contains multiple embedded null characters, 'SysAllocString' will return a truncated string. To avoid unexpected behavior, rewrite the code using wrapper classes over 'BSTR' such as 'CComBSTR' or '_bstr_t'.

For example, you can use the following pattern to correctly copy one 'BSTR' string to another:

CComBstr firstBstr(L"I am a happy BSTR.");
BSTR secoundBstr = firstBstr.Copy();

This is another way to do it:

_bstr_t firstBstr(L"I am a happy BSTR too.");
BSTR secoundBstr = firstBstr.copy();