Following is the code in ATLDB.H for CreateSchemaRowset. CreateSchemaRowset is called by the SCHEMA_ENTRY macro.
The rowset class is created and then a pointer to it is sent to InternalCreateSchemaRowset.
NOTE: A failed hr will cause the object to be deleted.
HRESULT CreateSchemaRowset(IUnknown *pUnkOuter, ULONG cRestrictions,
const VARIANT rgRestrictions, REFIID riid,
ULONG cPropertySets, DBPROPSET rgPropertySets,
IUnknown** ppRowset, SchemaRowsetClass*& pSchemaRowset)
HRESULT hrProps, hr = S_OK;
SessionClass* pT = (SessionClass*) this;
if (FAILED(hr = ComPolyObject<SchemaRowsetClass>::CreateInstance(pUnkOuter, &pPolyObj)))
pSchemaRowset = &(pPolyObj->m_contained);
hr = InternalCreateSchemaRowset(pUnkOuter, cRestrictions, rgRestrictions,
riid, cPropertySets, rgPropertySets, ppRowset,pPolyObj, pT, pT->GetUnknown());
// Ref the created COM object and Auto release it on failure
//Here is the problem delete
delete pPolyObj; // must hand delete as it is not ref'd
Following is the code for InternalCreateSchemaRowset. If a failure occurs when trying to set a property, the function returns with an error but not before the spUnk smart pointer calls release and frees the object. When execution returns from this function, the CreateSchemaRowset function attempts to delete the object (which has already been deleted) and the access violation occurs.
OUT_OF_LINE HRESULT InternalCreateSchemaRowset(IUnknown *pUnkOuter, ULONG cRestrictions, const VARIANT rgRestrictions, REFIID riid, ULONG cPropertySets, DBPROPSET rgPropertySets, IUnknown** ppRowset, IUnknown* pUnkThis, CUtlPropsBase* pProps, IUnknown* pUnkSession)
HRESULT hr, hrProps = S_OK;
if (ppRowset != NULL)
*ppRowset = NULL;
if ((pUnkOuter != NULL) && !InlineIsEqualUnknown(riid))
//Smart pointer, spUnk will automatically call Release() when it goes out of scope
hr = pUnkThis->QueryInterface(IID_IUnknown, (void**)&spUnk);
hr = pProps->FInit();
hr = pProps->SetPropertiesArgChk(cPropertySets, rgPropertySets);
const GUID* ppGuid;
ppGuid = &DBPROPSET_ROWSET;
// Call SetProperties. The true in the last parameter indicates
// the special behavior that takes place on rowset creation (i.e.
// it succeeds as long as any of the properties were not marked
// as DBPROPS_REQUIRED.
hrProps = pProps->SetProperties(0, cPropertySets,rgPropertySets,1,ppGuid, true);