CXX.BSTR.LITERAL

Do not pass a string literal or a cast CString to a COM function that expects a BSTR parameter.

Vulnerability and risk

If a COM object requires a BSTR then you must pass a BSTR.

Mitigation and prevention

Consider creating a BSTR object prior to the function call and then passing it as the argument.

Example

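comMethod(L"const String");       // flagged: string literal passed where a BSTR is expected
comMethod((LPOLESTR)m_string);    // flagged: CString cast to LPOLESTR, which is not a BSTR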

Both calls are flagged: the COM object method is called once with a string literal and once with a CString argument cast to LPOLESTR.
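
Why a literal is not a BSTR, as an added example that is not part of the original checker documentation: a BSTR carries a 4-byte length prefix immediately before its characters, and callees read that prefix instead of scanning for a terminator. The code is a portable model of that layout, so `model_alloc`, `model_len` and `model_free` are hypothetical stand-ins for `SysAllocString`, `SysStringLen` and `SysFreeString`, and the bytes placed in front of the plain string are constructed.

```cpp
// Portable model of the BSTR layout. model_alloc/model_len/model_free are
// hypothetical stand-ins for SysAllocString/SysStringLen/SysFreeString.
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <string>

using OleChar = char16_t;  // OLECHAR is a 16-bit code unit on Windows

// Layout: [4-byte byte count][characters][terminator]; handle points at the characters.
OleChar* model_alloc(const OleChar* s) {
    std::uint32_t bytes = 2 * static_cast<std::uint32_t>(std::char_traits<OleChar>::length(s));
    auto* raw = static_cast<unsigned char*>(std::malloc(4 + bytes + sizeof(OleChar)));
    if (!raw) return nullptr;
    std::memcpy(raw, &bytes, 4);
    std::memcpy(raw + 4, s, bytes + sizeof(OleChar));  // copies the terminator too
    return reinterpret_cast<OleChar*>(raw + 4);
}

void model_free(OleChar* b) { if (b) std::free(reinterpret_cast<unsigned char*>(b) - 4); }

// What a callee does with a BSTR: trust the prefix, never scan for a terminator.
std::uint32_t model_len(const OleChar* b) {
    std::uint32_t bytes;
    std::memcpy(&bytes, reinterpret_cast<const unsigned char*>(b) - 4, 4);
    return bytes / sizeof(OleChar);
}

// Compliant: the string was allocated as a BSTR, so the prefix is real.
std::uint32_t bstr_case_len() {
    OleChar* b = model_alloc(u"const String");
    std::uint32_t n = b ? model_len(b) : 0;
    model_free(b);
    return n;
}

// Flagged pattern: plain characters with unrelated bytes in front (constructed in one buffer).
std::uint32_t literal_case_len() {
    alignas(4) unsigned char image[4 + 13 * sizeof(OleChar)];
    std::uint32_t neighbour = 10000;  // constructed stand-in for adjacent data
    std::memcpy(image, &neighbour, 4);
    std::memcpy(image + 4, u"const String", 13 * sizeof(OleChar));
    return model_len(reinterpret_cast<const OleChar*>(image + 4));
}

int main() {
    std::printf("BSTR: %u chars, literal: %u chars\n", bstr_case_len(), literal_case_len());
}
```

The same 12-character text is reported as 12 characters when it is a real BSTR and as 5000 when it is a plain string, because the callee interprets whatever precedes the characters as the length.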