As I mentioned yesterday, PROPVARIANT's hold data that gets piped through the property system.  Early in our development cycle, we noticed  is that even the most careful developer can easily make mistakes when initializing PROPVARIANTs.   

  1. One common mistake we see is to set the VARTYPE to one thing and set the data to another.  The result is somebody else AVs when they misinterpret your data. 

  2. Another common mistake is to set a NULL pointer by accident.  Again, the receiving end suffers if they forget to do a NULL check. 

  3. A rather insidious mistake is to create a vector of values, but to store the wrong count.  Either the recipient ignore some of the values, or the recipient executes a read buffer overrun.

  4. Finally, some code uses VT_BSTR when the property system favors VT_LPWSTR.  This led to avoidable conversions in the coersion layer

  5. A related problem is that it is very difficult to review code that deals with PROPVARIANT members directly.  As a result, many bugs slip in the product since nobody likes to read dense code.

Tomorrow I'll start covering some helper functions that reduce the risk of these issues.