[Bug 14015] New: Eclipse 3.3.x (customized) crashes on null REFCLSID passed to ole32.WriteClassStg

wine-bugs at winehq.org wine-bugs at winehq.org
Fri Jun 20 05:48:54 CDT 2008 

http://bugs.winehq.org/show_bug.cgi?id=14015

           Summary: Eclipse 3.3.x (customized) crashes on null REFCLSID
                    passed to ole32.WriteClassStg
           Product: Wine
           Version: CVS/GIT
          Platform: PC
               URL: http://www.eclipse.org/downloads
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ole
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: focht at gmx.net


Created an attachment (id=14205)
 --> (http://bugs.winehq.org/attachment.cgi?id=14205)
Patch to handle null REFCLSID in ole32.WriteClassStg properly

Hello,

this bug report is based on a (Customer) Eclipse 3.3 Europa with lots of
additional plugins (OpenArchitectureWare/Enterprise Architect
Integration/Microsoft Pict).
It's not encountered with standard Eclipse 3.3 version.

The first crash is due to not handling null REFCLSID in ole32.WriteClassStg:

--- snip ---
..
err:ole:apartment_getclassobject DllGetClassObject returned error 0x80004002
err:ole:CoGetClassObject no class object {8856f961-340a-11d0-a96b-00c04fd705a2}
could be created for context 0x3
fixme:shdocvw:PersistStorage_InitNew (0x5566ea0)->(0x6825678)
fixme:shdocvw:PersistStorage_GetClassID (0x5566ea0)->(0x33e8c8)
fixme:shdocvw:ViewObject_SetAdvise (0x5566ea0)->(1 00000000 0x5f557e8)
fixme:shdocvw:OleObject_Advise (0x5566ea0)->(0x5f557e8, 0x29ae950)
fixme:shdocvw:WebBrowser_QueryInterface
(0x5566ea0)->({0000011d-0000-0000-c000-000000000046} 0x29ae950) interface not
supported
fixme:shdocvw:PersistStorage_GetClassID (0x5566ea0)->(0x33e97c)
fixme:shdocvw:PersistStorage_Save (0x5566ea0)->(0x6825678 1)
First chance exception: page fault on read access to 0x00000000 in 32-bit code
(0x60cccd3b).
..
Backtrace:
=>1 0x60cccd3b StorageBaseImpl_SetClass+0x9b(iface=0x6825678, clsid=0x0)
[/home/focht/wine-git/dlls/ole32/storage32.c:1136] in ole32 (0x0033e96c)
  2 0x60cc63f1 WriteClassStg+0x21(pStg=0x6825678, rclsid=0x0)
[/home/focht/wine-git/dlls/ole32/storage32.c:6290] in ole32 (0x0033e97c)
  3 0x0505589b in swt-win32-3349 (+0x2589b) (0x0033e9a8)
  4 0x00749c91 XChangeKeyboardControl+0x111() in libx11.so.6 (0x0033e9e8)
  5 0x00742dd5 in libx11.so.6 (+0xddd5) (0x0033ea20)
..
--- snip ---

For the interested, the relevant Eclipse JNI COM wrapper snippet reads like
this:

--- snip (swt-win32-3349.dll) ---
/*
 * Class:     org_eclipse_swt_internal_ole_win32_COM
 * Method:    WriteClassStg
 * Signature: (ILorg/eclipse/swt/internal/ole/win32/GUID;)I
 */
JNIEXPORT jint JNICALL
Java_org_eclipse_swt_internal_ole_win32_COM_WriteClassStg
  (JNIEnv *env, jclass that, jint pStg, jobject rclsid)
{
    GUID guid, *rclsid1=NULL;
    jint rc;

#ifdef DEBUG_CALL_PRINTS
    fprintf(stderr, "WriteClassStg\n");
#endif
    if (rclsid) {
        rclsid1=&guid;
        getGUIDFields(env, rclsid, rclsid1);
    }
    rc = (jint) WriteClassStg((IStorage *)pStg, rclsid1);

    if (rclsid) {
        setGUIDFields(env, rclsid, rclsid1);
    }
    return rc;
} 
--- snip (swt-win32-3349.dll) ---

If for whatever reason, a null rclsid is passed in, NULL will be passed to
WriteClassStg.
Wine should handle this case properly.

With attached patch it goes further - to crash again (separate bug report).

Regards


-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list