[ryandrake]

If we're talking about this [1] call, then it could be argued that it's malformed. Unless I missed it, the documentation does not specify that a NULL pointer may be returned there. Defensive programming practice says it's wise to check for NULL, but the function, as documented, would appear to be behaving incorrectly.

1: https://msdn.microsoft.com/en-us/library/windows/desktop/bb7...

[acqq]

Looking this more carefully, I guess the pointer to the STRRET always remains valid but whoever implemented the decoding of STRRET didn't cover all the cases of uType, and the GodMode had a different uType than others that the developers tested? In that case instead of the pointer to null the API actually returned an empty string (uType STRRET_CSTR actually then means that what would be a null pointer are actually the bytes of the string, and being zero, the string is empty, saving one allocation), but the returned structure wasn't properly understood by the caller.

https://msdn.microsoft.com/en-us/library/windows/desktop/bb7...

That would mean the API behaved according to the specs. See an example here, it's impossible for the call to destroy the pointer to STRRET:

https://msdn.microsoft.com/en-us/library/windows/desktop/bb7...

[ryandrake]

You're probably right. Looks like the article mentions it fills in the structure, not setting the pointer to NULL (which as you point out would be impossible because it's not a pointer to a pointer).