Validating Object Pointers

The need to validate object pointers arises when calls are made to retrieve MAPI objects or when private method calls are made within your client or service provider. It is always a good idea to validate these pointers. However, unlike parameter validation, MAPI does not provide a single API function to use. Instead there is a recommended series of steps to ensure that object pointers given to your client or service provider are valid. Not all steps are appropriate for all situations; the vtable verification step, for example, is unnecessary in C++.

    To validate object pointers

1. Check that the object pointer points to the correct amount of writeable memory.
2. Check that the vtable of the object contains the expected number of readable entries.
3. Check that one or more methods in the vtable have the expected address.
4. Check that the object's reference count is nonzero.

MAPI provides two API functions for validating pointer memory: IsBadWritePtr and IsBadReadPtr. The following C code sample illustrates how to validate an object pointer using all of the steps outlined above and these two API functions.

if (IsBadWritePtr(lpMyObject, sizeof(MYOBJECT)))
    return failure

if (IsBadReadPtr(lpMyObject->lpVtbl, size(MYOBJECT_Vtbl)))
    return failure

if (lpMyObject->lpVtbl->SetProps != MYOBJECT_SetProps)
    return failure

if (lpMyObject-> cRef == 0)
    return failure