Not exactly, the length is not at [0], it is actually before that. See: https://docs.microsoft.com/en-us/previous-versions/windows/desktop/automat/string-manipulation-functions
So when we access BSTR pointers we can safely assume they are compatible with WCHAR pointers. But when we create a BSTR pointer to pass to the system then yes, we should use the Sys*String functions. Just fixed and committed to the SVN. Best, Scuri Em ter, 4 de jun de 2019 às 08:38, Ranier VF <ranier_...@hotmail.com> escreveu: > Hi, > BSTR are not WCHAR compatible. > See at: > > https://www.codeguru.com/cpp/cpp/string/conversions/article.php/c5639/Guide-to-BSTR-and-C-String-Conversions.htm > "C strings are arrays of characters terminated by a NULL character. Visual > Basic strings differ in that the length of the string precede the > characters in the string. So, a VB string knows its own length. In > addition, all VB strings are Unicode (16 bits per character)." > > BSTR contain the length of the string. WCHAR [0] position can be anything, > If code subsequent read the length with WCHAR string, the result is > impredictable. > The Coverity report this as Memory Corruption, level High. > > I agree with Coverity, the code is unsafe and violate the rules use of > functions > calls what await BSTR valid variables. > > Best regards, > Ranier Vilela > > ________________________________________ > De: Antonio Scuri <antonio.sc...@gmail.com> > Enviado: terça-feira, 4 de junho de 2019 11:15 > Para: IUP discussion list. > Assunto: Re: [Iup-users] CID 341226 (#1 of 1): COM bad conversion to BSTR > (COM.BSTR.CONV) > > We use BSTR as the same definition of WCHAR, that's why we can do what > we do. In a more generic code that should work with BSTR variations then we > should be more careful. But that's not the case. > > Best, > Scuri > > > Em seg, 3 de jun de 2019 às 23:05, Ranier VF <ranier_...@hotmail.com > <mailto:ranier_...@hotmail.com>> escreveu: > Hi, > Several fixes for the iupwin_webbrowser.cpp > > --- \dll\iup\a\srcweb\iupwin_webbrowser.cpp Wed Apr 03 14:12:26 2019 > +++ iupwin_webbrowser.cpp Mon Jun 03 23:00:50 2019 > @@ -206,12 +206,14 @@ > pweb->get_Document(&lpDispatch); > if (!lpDispatch) > { > + const BSTR pBstr = SysAllocString("about:blank"); > iupAttribSet(ih, "_IUPWEB_FAILED", NULL); > > - pweb->Navigate(L"about:blank", NULL, NULL, NULL, NULL); > + pweb->Navigate(pBstr, NULL, NULL, NULL, NULL); > IupFlush(); > > pweb->get_Document(&lpDispatch); > + SysFreeString(pBstr); > } > > IPersistStreamInit* pPersistStreamInit = NULL; > @@ -405,15 +407,15 @@ > { > if (value) > { > - char* element_id = iupAttribGet(ih, "ELEMENT_ID"); > + const char* element_id = iupAttribGet(ih, "ELEMENT_ID"); > if (element_id) > { > - IHTMLElement* pElem = winWebBrowserFindElement(ih, element_id); > + const IHTMLElement* pElem = winWebBrowserFindElement(ih, > element_id); > if (pElem) > { > - WCHAR* wvalue = iupwinStrChar2Wide(value); > - pElem->put_innerText(wvalue); > - free(wvalue); > + const BSTR pBvalue = SysAllocString(szWCharString); > + pElem->put_innerText(pBvalue); > + SysFreeString(pBvalue); > pElem->Release(); > } > } > @@ -423,50 +425,49 @@ > > static char* winWebBrowserGetInnerTextAttrib(Ihandle* ih) > { > - char* element_id = iupAttribGet(ih, "ELEMENT_ID"); > + const char* element_id = iupAttribGet(ih, "ELEMENT_ID"); > + const* value = NULL; > if (element_id) > { > - IHTMLElement* pElem = winWebBrowserFindElement(ih, element_id); > + const IHTMLElement* pElem = winWebBrowserFindElement(ih, element_id); > if (pElem) > { > - WCHAR* wvalue = NULL; > - if (!FAILED(pElem->get_innerText(&wvalue))) > + BSTR pBvalue = NULL; > + if (!FAILED(pElem->get_innerText(&pBvalue))) > { > - char* str = iupwinStrWide2Char(wvalue); > - char* value = iupStrReturnStr(str); > - SysFreeString(wvalue); > + const char* str = iupwinStrWide2Char(pBvalue); > + const char* value = iupStrReturnStr(str); > free(str); > - pElem->Release(); > - return value; > + SysFreeString(pBvalue); > } > pElem->Release(); > } > } > > - return NULL; > + return value; > } > > static int winWebBrowserSetAttributeAttrib(Ihandle* ih, const char* value) > { > if (value) > { > - char* element_id = iupAttribGet(ih, "ELEMENT_ID"); > - char* attribute_name = iupAttribGet(ih, "ATTRIBUTE_NAME"); > + const char* element_id = iupAttribGet(ih, "ELEMENT_ID"); > + const char* attribute_name = iupAttribGet(ih, "ATTRIBUTE_NAME"); > if (element_id && attribute_name) > { > IHTMLElement* pElem = winWebBrowserFindElement(ih, element_id); > if (pElem) > { > - WCHAR* wname = iupwinStrChar2Wide(attribute_name); > - WCHAR* wvalue = iupwinStrChar2Wide(value); > + const BSTR pBname = SysAllocString(attribute_name); > + const WCHAR* wvalue = iupwinStrChar2Wide(value); > > VARIANT var; > VariantBStr(&var, wvalue); > > - pElem->setAttribute(wname, var, 1); // case sensitive search > + pElem->setAttribute(pBname, var, 1); // case sensitive search > > free(wvalue); > - free(wname); > + SysFreeString(pBname); > pElem->Release(); > } > } > @@ -476,31 +477,29 @@ > > static char* winWebBrowserGetAttributeAttrib(Ihandle* ih) > { > - char* element_id = iupAttribGet(ih, "ELEMENT_ID"); > - char* attribute_name = iupAttribGet(ih, "ATTRIBUTE_NAME"); > + const char* element_id = iupAttribGet(ih, "ELEMENT_ID"); > + const char* attribute_name = iupAttribGet(ih, "ATTRIBUTE_NAME"); > + const char *value = NULL; > if (element_id && attribute_name) > { > - IHTMLElement* pElem = winWebBrowserFindElement(ih, element_id); > + const IHTMLElement* pElem = winWebBrowserFindElement(ih, element_id); > if (pElem) > { > - WCHAR* wname = iupwinStrChar2Wide(attribute_name); > + const BSTR pBname = SysAllocString(attribute_name); > VARIANT var; > VariantInit(&var); > - if (!FAILED(pElem->getAttribute(wname, 1, &var)) && var.bstrVal) > // case sensitive search > + if (!FAILED(pElem->getAttribute(pBname, 1, &var)) && var.bstrVal) > // case sensitive search > { > - char* str = iupwinStrWide2Char(var.bstrVal); > - char* value = iupStrReturnStr(str); > + const char* str = iupwinStrWide2Char(var.bstrVal); > + value = iupStrReturnStr(str); > free(str); > - free(wname); > - pElem->Release(); > - return value; > } > - free(wname); > + SysFreeString(pBname); > pElem->Release(); > } > } > > - return NULL; > + return value; > } > > static int winWebBrowserSetBackForwardAttrib(Ihandle* ih, const char* > value) > @@ -578,7 +577,7 @@ > if (value) > { > IWebBrowser2 *pweb = (IWebBrowser2*)iupAttribGet(ih, > "_IUPWEB_BROWSER"); > - WCHAR* wvalue = iupwinStrChar2Wide(value); > + const BSTR pBvalue = SysAllocString(value); > > VARIANT var; > VariantInit(&var); /* Initialize our variant */ > @@ -587,8 +586,8 @@ > > iupAttribSet(ih, "_IUPWEB_FAILED", NULL); > > - pweb->Navigate(wvalue, NULL, &var, NULL, NULL); > - free(wvalue); > + pweb->Navigate(pBvalue, NULL, &var, NULL, NULL); > + SysFreeString(pBvalue); > } > return 0; > } > @@ -599,10 +598,10 @@ > BSTR pbstrLocationURL = NULL; > if (pweb->get_LocationURL(&pbstrLocationURL)==S_OK && pbstrLocationURL) > { > - char* str = iupwinStrWide2Char(pbstrLocationURL); > - SysFreeString(pbstrLocationURL); > + const char* str = iupwinStrWide2Char(pbstrLocationURL); > char* value = iupStrReturnStr(str); > free(str); > + SysFreeString(pbstrLocationURL); > return value; > } > return NULL; > > Best regards, > Ranier Vilela_______________________________________________ > Iup-users mailing list > Iup-users@lists.sourceforge.net<mailto:Iup-users@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/iup-users > > > _______________________________________________ > Iup-users mailing list > Iup-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/iup-users >
_______________________________________________ Iup-users mailing list Iup-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/iup-users
