Re: ATL vs [out,optional] VARIANT *

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Nikola Dudar [MSFT] (nikolad_at_online.microsoft.com)
Date: 01/10/05 

Date: Sun, 9 Jan 2005 21:14:05 -0800

Thank you for reporting this. Is this VS2003 or VS2005 Beta 1? Please add
information about what version of VS is this and report this bug on
http://lab.msdn.microsoft.com/productfeedback/ if you can repro it with
VS2005 Beta1.

Thanks,
Nikola 

-- 
Nikola Dudar
Visual C++ Team
This posting is provided "AS IS" with no warranties, and confers no rights.
"ATS" <ATS@discussions.microsoft.com> wrote in message 
news:7F0B5347-28BC-45F2-B0FA-B4DA80A974B0@microsoft.com...
> BUG: ATL vs [out,optional] VARIANT *
>
> I've found a bug with ATL and declaring a parameter on a method with
> [out,optional] VARIANT *. The DEBUG trace on the ATL proxy stub shows that 
> is
> performs a VariantClear on the pvarVal pointed to VARIANT and then it
> deliberately sets that VARIANT's vt = VT_VARIANT without setting its own
> pvarVal. This will lead to a memory access error if one then uses the 
> pvarVal
> because its vt = VT_VARIANT and the pvarVal is not NULL.
>
> Here is the trace:
>
>      VARIANT* i2 = 0;
> 1004DC11  mov         dword ptr [i2],0
>                if (rgpVars[0]->vt == (VT_VARIANT | VT_BYREF)) {
> 1004DC1B  mov         eax,dword ptr [rgpVars]
> 1004DC1E  movzx       ecx,word ptr [eax]
> 1004DC21  cmp         ecx,400Ch
> 1004DC27  jne         $L228322+0B3h (1004DC58h)
>                    v = V_VARIANTREF(rgpVars[0]);
> 1004DC29  mov         eax,dword ptr [rgpVars]
> 1004DC2C  mov         ecx,dword ptr [eax+8]
> 1004DC2F  mov         dword ptr [v],ecx
>                    ::VariantClear(v);
> 1004DC32  mov         esi,esp
> 1004DC34  mov         eax,dword ptr [v]
> 1004DC37  push        eax
> 1004DC38  call        dword ptr [__imp__VariantClear@4 (101367C4h)]
> 1004DC3E  cmp         esi,esp
> 1004DC40  call        _RTC_CheckEsp (1006A660h)
>                    i2 = (VARIANT*) (v);
> 1004DC45  mov         eax,dword ptr [v]
> 1004DC48  mov         dword ptr [i2],eax
>                    v->vt = VT_VARIANT; <=== Error! BUG! ATL should set
> pvarVal to NULL after doing this, as otherwise the method may blow up on 
> the
> VARIANT if it performs any Variant deallocation operations on it.
> 1004DC4E  mov         eax,dword ptr [v]
> 1004DC51  mov         word ptr [eax],0Ch
>                }
>                else {
> 1004DC56  jmp         $L228322+0BFh (1004DC64h)
>                    i2 = (VARIANT*) V_VARIANTREF(rgpVars[0]);
> 1004DC58  mov         eax,dword ptr [rgpVars]
> 1004DC5B  mov         ecx,dword ptr [eax+8]
> 1004DC5E  mov         dword ptr [i2],ecx
>                }
>

Relevant Pages

  • Re: CW2A Broken.
    ... It's bug in ATL. ... I remember reporting it some time ago, in company where I work we have been working on patched version for a long time now. ...
    (microsoft.public.vc.atl)
  • Re: ATL vs [out,optional] VARIANT *
    ... And there's another bug in VT_VARIANT not being a valid ... VARIANT type to start with... ... the generated attributed ATL code is known ... The DEBUG trace on the ATL proxy stub shows that ...
    (microsoft.public.vc.atl)
  • BUG: ATL vs [out,optional] VARIANT *
    ... BUG: ATL vs VARIANT * ... The DEBUG trace on the ATL proxy stub shows that is ...
    (microsoft.public.vc.atl)
  • Re: ATL generates bad code for Firing events with [out] arguments
    ... This is not a bug, ... VT_PI4 is not a valid vartype for a VARIANT. ... "DavidB" wrote in message ... >> Microsoft MVP, MCSD ...
    (microsoft.public.win32.programmer.ole)
  • Compiler Bug or what Im doing wrong?
    ... 'Read-Attribute is not handled right in variant records, ... the finalizers for the default variant part ("when Keine_Angabe ... small example w/o GUI which succeeds in reproducing the bug. ...
    (comp.lang.ada)