Last time we analyzed an interesting and subtle bug, caused by a standard std::wstring wrongly passed as an input BSTR string parameter (even though the code did compile).
So, how can you fix that bug?
Well, the key is to first create a BSTR from the initial std::wstring, and then pass the created BSTR to the function or class method that expects a BSTR input string.
The BSTR can be created invoking the SysAllocString API. Note that, once the BSTR is no longer needed, it must be freed calling the SysFreeString API.
The following C++ code snippet shows these concepts in action:
// The initial standard string
std::wstring ws = L"Connie is learning C++";
// Allocate a BSTR and initialize it
// with the content of the std::wstring
BSTR bstr = SysAllocString(ws.c_str());
// Invoke the function expecting the BSTR input parameter
DoSomething(bstr);
// Release the BSTR
SysFreeString(bstr);
// Avoid dangling pointers
bstr = nullptr;
The above code can be simplified, following the C++ RAII pattern and enjoying the power of C++ destructors. In fact, you can use a C++ class like ATL’s CComBSTR to wrap the raw BSTR string. In this way, the raw BSTR will be automatically deallocated when the CComBSTR object goes out of scope. That’s because the CComBSTR destructor will automatically and safely invoke SysFreeString for you.
The new simplified and safer (as incapable of leaking!) code looks like this:
// Create a BSTR safely wrapped in a CComBSTR
// from the initial std::wstring
CComBSTR myBstr(ws.c_str());
// The CComBSTR is automatically converted to a BSTR
// and passed to the function
DoSomething(myBstr);
// No need to invoke SysFreeString!
// CComBSTR destructor will *automatically* release the BSTR.
// THANK YOU C++ RAII and DESTRUCTORS!
Giovanni Dicanio's Blog 