CodeQL documentation

Cast between HRESULT and a Boolean type

ID: cpp/hresult-boolean-conversion
Kind: problem
Security severity: 7.5
Severity: error
Precision: high
   - security
   - external/cwe/cwe-253
Query suites:
   - cpp-code-scanning.qls
   - cpp-security-extended.qls
   - cpp-security-and-quality.qls

Click to see the query in the CodeQL repository

This query indicates that an HRESULT is being cast to a Boolean type or vice versa.

The typical success value (S_OK) of an HRESULT equals 0. However, 0 indicates failure for a Boolean type.

Casting an HRESULT to a Boolean type and then using it in a test expression will yield an incorrect result.


To check if a call that returns an HRESULT succeeded use the FAILED macro.


In the following example, HRESULT is used in a test expression incorrectly as it may yield an incorrect result.

HRESULT hr = CoGetMalloc(1, &pMalloc);

if (!hr)
    // code ...

To fix this issue, use the FAILED macro in the test expression.


  • Common Weakness Enumeration: CWE-253.

  • © GitHub, Inc.
  • Terms
  • Privacy