CodeQL documentation

Cast between HRESULT and a Boolean type

ID: cpp/hresult-boolean-conversion
Kind: problem
Security severity: 7.5
Severity: error
Precision: high
Tags:
   - security
   - external/cwe/cwe-253
Query suites:
   - cpp-code-scanning.qls
   - cpp-security-extended.qls
   - cpp-security-and-quality.qls

This query indicates that an HRESULT is being cast to a Boolean type or vice versa.

The typical success value (S_OK) of an HRESULT equals 0. However, 0 indicates failure for a Boolean type.

Casting an HRESULT to a Boolean type and then using it in a test expression will yield an incorrect result.

Recommendation

To check whether a call that returns an HRESULT succeeded, use the FAILED macro.

Example

In the following example, an HRESULT is used directly in a test expression, which may yield an incorrect result.

LPMALLOC pMalloc;
HRESULT hr = CoGetMalloc(1, &pMalloc);

if (!hr)
{
    // code ...
}

To fix this issue, use the FAILED macro in the test expression.
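
The following added example (not part of the CodeQL documentation) compares two Boolean readings of an HRESULT with the FAILED macro over a constructed set of return codes. The typedef and macros are stand-ins assumed to mirror the Windows SDK definitions so the code builds anywhere, and the helper names ok_if_truthy, ok_if_zero, ok_by_macro and count_disagreements are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for the Windows SDK definitions (assumption: mirrors <winerror.h>)
   so the example builds on any platform. */
typedef int32_t HRESULT;
#define S_OK          ((HRESULT)0)
#define S_FALSE       ((HRESULT)1)            /* a success code that is non-zero */
#define E_FAIL        ((HRESULT)0x80004005)
#define E_OUTOFMEMORY ((HRESULT)0x8007000E)
#define FAILED(hr)    (((HRESULT)(hr)) < 0)   /* failure == severity bit set */

/* Boolean reading 1: "non-zero means success", as for a BOOL return value. */
static int ok_if_truthy(HRESULT hr) { return hr ? 1 : 0; }

/* Boolean reading 2: "zero means success", the if (!hr) form. */
static int ok_if_zero(HRESULT hr) { return !hr; }

/* Correct test: success is any value without the severity bit. */
static int ok_by_macro(HRESULT hr) { return !FAILED(hr); }

/* Constructed sample of return codes. */
static const HRESULT samples[] = { S_OK, S_FALSE, E_FAIL, E_OUTOFMEMORY };
#define NSAMPLES (sizeof samples / sizeof samples[0])

/* Counts samples where a Boolean-style check disagrees with FAILED(). */
static int count_disagreements(int (*check)(HRESULT)) {
    int n = 0;
    for (size_t i = 0; i < NSAMPLES; i++)
        if (check(samples[i]) != ok_by_macro(samples[i]))
            n++;
    return n;
}

int main(void) {
    printf("%-12s %-8s %-8s %-8s\n", "hr", "truthy", "zero", "macro");
    for (size_t i = 0; i < NSAMPLES; i++)
        printf("0x%08X   %-8d %-8d %-8d\n", (unsigned)samples[i],
               ok_if_truthy(samples[i]), ok_if_zero(samples[i]),
               ok_by_macro(samples[i]));
    printf("disagreements: truthy=%d zero=%d\n",
           count_disagreements(ok_if_truthy), count_disagreements(ok_if_zero));
    return 0;
}
```

Neither Boolean reading matches FAILED on every code: the truthy reading reports every error as success and S_OK as failure, while the zero reading treats the success code S_FALSE as a failure.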

References

  • Common Weakness Enumeration: CWE-253.
