[Bug 20037] Sid Meiers Railroads crashes
wine-bugs at winehq.org
Wed Jun 9 15:33:40 CDT 2010
http://bugs.winehq.org/show_bug.cgi?id=20037
Anastasius Focht <focht at gmx.net> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht at gmx.net
--- Comment #2 from Anastasius Focht <focht at gmx.net> 2010-06-09 15:33:40 ---
Hello,
Visual C++ Redistributable Package Version 2010 (10.00.30319.xxx) also suffers
from various msxml3 shortcomings - resulting in a crash without native msxml3
override.
One bug - the crash due to a shortcoming in the domdoc_validate() stub - should
be targeted here.
When an XML document load/parser failure is encountered, various
apps/installers call validate() on the DOM doc and expect a valid parser
instance returned.
Some app code (including Microsoft) accesses the parse error instance directly
(out param) - without checking HRESULT - leading to a crash.
--- snip ---
0045:trace:msxml:xmlcf_CreateInstance (nil)
{2933bf95-7b36-11d2-b20e-00c04f983e60} 0x33f580
0045:trace:msxml:DOMDocument_create ((nil),0x33f39c)
...
0045:trace:msxml:xmldoc_add_ref 1
0045:trace:msxml:DOMDocument_create_from_xmldoc returning iface 0x149670
0045:trace:msxml:domdoc_QueryInterface
(0x149650)->({2933bf95-7b36-11d2-b20e-00c04f983e60} 0x33f580)
0045:trace:msxml:domdoc_AddRef 0x149650
0045:trace:msxml:domdoc_Release 0x149650
0045:Ret ole32.CoCreateInstance() retval=00000000 ret=100591cb
0045:trace:msxml:domdoc_loadXML (0x149650)->(L"<?xml version=\"1.0\"
encoding=\"utf-16\"?>\r\n<SetupUI
xmlns=\"http://schemas.microsoft.com/SetupUI/2008/01/imui\"
xmlns:imui=\"http://schemas.microsoft.com/SetupUI/2008/01/imui\" >\r\n
<UI>\r\n\r\n <ResourceDll>SetupResources.dll</ResourceDll>\r\n
<SplashScreen>\r\n <Hide/>\r\n </Spl"... 0x33f530)
...
0045:trace:msxml:xmldoc_release 0
0045:trace:msxml:xmldoc_release freeing docptr 0x7c05c3c8
0045:Call ntdll.RtlFreeHeap(00110000,00000000,00149068) ret=68ea3fce
0045:Ret ntdll.RtlFreeHeap() retval=00000001 ret=68ea3fce
0045:trace:msxml:xmldoc_add_ref 1
0045:fixme:msxml:domdoc_validate (0x149650)->(0x33f4dc)
0045:trace:seh:raise_exception code=c0000005 flags=0 addr=0x1002b220
ip=1002b220 tid=0045
0045:trace:seh:raise_exception info[0]=00000000
0045:trace:seh:raise_exception info[1]=00000000
0045:trace:seh:raise_exception eax=00000000 ebx=00000000 ecx=00000000
edx=00000000 esi=0033f578 edi=0033f580
0045:trace:seh:raise_exception ebp=0033f4ec esp=0033f4cc cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010246
0045:trace:seh:call_vectored_handlers calling handler at 0x68ade100
code=c0000005 flags=0
0045:trace:seh:call_vectored_handlers handler at 0x68ade100 returned 0
0045:trace:seh:call_stack_handlers calling handler at 0x1008ff77 code=c0000005
flags=0
...
--- snip ---
Translated app sequence is basically like this:
--- snip ---
1. CoCreateInstance( uuidof(DOMDocument30)) -> DOM doc
2. doc->loadXML( ...)
   returns: S_FALSE (parser error encountered)
3. doc->validate( &parseError)
4. parseError->get_reason() (crash because parseError is NULL)
...
--- snip ---
Wine should at least return some dummy parser to work around apps that try to
access the parser instance directly without checking HRESULT.
--- snip dlls/msxml3/domdoc.c ---
static HRESULT WINAPI domdoc_validate(
    IXMLDOMDocument2* iface,
    IXMLDOMParseError** err)
{
    domdoc *This = impl_from_IXMLDOMDocument2( iface );
    FIXME("(%p)->(%p)\n", This, err);
    return E_NOTIMPL;
}
--- snip dlls/msxml3/domdoc.c ---
With a dummy parser returned, the crash is prevented and the apps at least
show/log some error.
The other problems (parser failure in the first place, real validate() impl.)
should be targeted by different bugs.
Regards
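
Added example, not part of the original comment and not Wine's code: a plain-C model (no Windows headers) of the validate() out-param contract described above, showing the stub next to a callee that always fills the out param and a caller that checks before dereferencing. The ParseError struct, the function names and the S_FALSE return from the dummy variant are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdint.h>

typedef int32_t HRESULT;
#define S_FALSE    ((HRESULT)1)
#define E_NOTIMPL  ((HRESULT)-2147467263)   /* 0x80004001 */
#define E_POINTER  ((HRESULT)-2147467261)   /* 0x80004003 */
#define FAILED(hr) ((HRESULT)(hr) < 0)

/* Hypothetical stand-in for IXMLDOMParseError: only the reason text. */
typedef struct { const char *reason; } ParseError;
typedef HRESULT (*validate_fn)(ParseError **err);

/* Mirrors the stub quoted above: fails and never writes the out param. */
static HRESULT validate_stub(ParseError **err) { (void)err; return E_NOTIMPL; }

/* Assumed workaround: always hand back a dummy object the caller can query. */
static HRESULT validate_dummy(ParseError **err)
{
    static ParseError dummy = { "validation not implemented" };
    if (!err) return E_POINTER;
    *err = &dummy;
    return S_FALSE;
}

/* What the caller's out param holds after the call (pre-set to NULL). */
static ParseError *out_param_after(validate_fn validate)
{
    ParseError *err = NULL;
    validate(&err);
    return err;
}

/* Defensive caller: checks HRESULT and the pointer before dereferencing. */
static const char *safe_reason(validate_fn validate)
{
    ParseError *err = NULL;
    HRESULT hr = validate(&err);
    if (FAILED(hr) || !err) return "no parse error object";
    return err->reason;
}

int main(void)
{
    printf("stub:  out=%p reason=%s\n",
           (void *)out_param_after(validate_stub), safe_reason(validate_stub));
    printf("dummy: out=%p reason=%s\n",
           (void *)out_param_after(validate_dummy), safe_reason(validate_dummy));
    return 0;
}
```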