There are a few defects here … ranging from a design issue to a potential buffer-overrun that could cause your system to be comprised and the attacker to be able to execute arbitrary code on your machine.
Hint #1: It is not only important to test return values, but also to make sure you understand how to get extended error information.
Hint #2: What is the potential range of values for a LONG?
Hint #3: Is the caller given enough information on error?
Think you know the defects? Post your comments!