Fooling Around

Another weird bug from Visual C++ .NET/ATL internals (Visual Studio .NET 2003 Service Pack 1). IDispatch implementation (IModuleCommunicationTcp on the screenshot) supplied by Visual C++  compiler that converts “by DISPID” IDispatch::Invoke call into virtual method call (IModuleCommunicationTcp::get_HttpHost) does not initialize local BSTR variable i1 on stack. In case of method failure (in which case there is no guarantee i1 was properly initialized/cleared) the code still uses the variable to initialize VARIANT.

In my case this caused resulting VARIANT (CComVariant) contain .vt = VT_BSTR, .bstrVal = 0×00000002, which is obviously incorrect and caused an access violation exception later in VariantClear call.

When it comes to software bugs it is useful to know the gradient how to avoid and how to fix. What I recently found is an article about the accumulated experience on the topic:

• Zero-Defect Software Development (ZDSD) by Steve Pavlina [devnewz.com, securitypronews.com]
• ZDSD in Russian
• NASA Software Safety Standard NASA-STD-8719.13B