[Bug 16999] New: Visual C++ 2005 Express IDE: stack overflow at startup due to empty class id string

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Jan 18 07:51:29 CST 2009 

http://bugs.winehq.org/show_bug.cgi?id=16999

           Summary: Visual C++ 2005 Express IDE: stack overflow at startup
                    due to empty class id string
           Product: Wine
           Version: 1.1.13
          Platform: Other
               URL: http://www.microsoft.com/express/2005/download/default.a
                    spx
        OS/Version: other
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ole32
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: focht at gmx.net


Hello,

prerequisites:

Patch from bug 5054 to work around invalid URL cache entries
(http://bugs.winehq.org/attachment.cgi?id=18726)

1. clean WINEPREFIX
2. sh winetricks -q dotnet20 msxml6
3. download and run web installer (see URL)
4. start the VC++ 2005 IDE (wine VCExpress.exe)
---

The IDE crashes due to stack overflow.

--- snip ---
...
0038:Call advapi32.RegQueryValueExW(00000418,50061238
L"MRUCommand2GUID",00000000,003289e8,003289ec,003289e0) ret=50008e41
0038:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=50008e41
0038:Call advapi32.RegQueryValueExW(00000418,502800c8
L"MRUCommand2ID",00000000,00000000,00328c38,00328c34) ret=501f1800
0038:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=501f1800
0038:Call ole32.CLSIDFromString(00328c40
L"{5EFC7975-14BC-11CF-9B2B-00AA00573819}",50758004) ret=501f181a
0038:trace:ole:__CLSIDFromString L"{5EFC7975-14BC-11CF-9B2B-00AA00573819}" ->
0x50758004
0038:Ret  ole32.CLSIDFromString() retval=00000000 ret=501f181a
0038:CALL MSVCR80.memset(003289f0,00000000,00000204) ret=50008e1d
0038:RET  MSVCR80.memset() retval=003289f0 ret=50008e1d
0038:Call advapi32.RegQueryValueExW(00000418,50061258
L"MRUCommand3GUID",00000000,003289e8,003289ec,003289e0) ret=50008e41
0038:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=50008e41
0038:Call advapi32.RegQueryValueExW(00000418,502800e4
L"MRUCommand3ID",00000000,00000000,00328c38,00328c34) ret=501f1847
0038:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=501f1847
0038:Call ole32.CLSIDFromString(00328c40 L"",50758018) ret=501f1861
0038:Call KERNEL32.GetProcessHeap() ret=604e16fd
0038:Ret  KERNEL32.GetProcessHeap() retval=00110000 ret=604e16fd
0038:Call ntdll.RtlAllocateHeap(00110000,00000000,00000010) ret=604e1711
0038:Ret  ntdll.RtlAllocateHeap() retval=00ed1298 ret=604e1711
0038:Call advapi32.RegOpenKeyW(80000000,00ed1298 L"\\CLSID",00328acc)
ret=604e1758
0038:Ret  advapi32.RegOpenKeyW() retval=00000000 ret=604e1758 
...
0038:Call advapi32.RegOpenKeyW(80000000,00ed1298 L"\\CLSID",0023294c)
ret=604e1758
0038:Ret  advapi32.RegOpenKeyW() retval=00000000 ret=604e1758
0038:Call KERNEL32.GetProcessHeap() ret=604e17f0
0038:Ret  KERNEL32.GetProcessHeap() retval=00110000 ret=604e17f0
0038:Call ntdll.RtlFreeHeap(00110000,00000000,00ed1298) ret=604e1809
0038:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=604e1809
0038:Call advapi32.RegQueryValueW(0000043c,00000000,00232956,00232950)
ret=604e182d
0038:Ret  advapi32.RegQueryValueW() retval=00000000 ret=604e182d
0038:Call advapi32.RegCloseKey(0000043c) ret=604e18b1
0038:Ret  advapi32.RegCloseKey() retval=00000000 ret=604e18b1
0038:trace:seh:raise_exception code=c00000fd flags=0 addr=0x601e289e
ip=0x601e289e tid=0038
0038:trace:seh:raise_exception  eax=00000000 ebx=602e4ff4 ecx=00232720
edx=00000000 esi=00000000 edi=0023268c
0038:trace:seh:raise_exception  ebp=00232038 esp=00231ffc cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010206
0038:trace:seh:call_stack_handlers calling handler at 0x506ea492 code=c00000fd
flags=0
0038:err:seh:setup_exception_record stack overflow 976 bytes in thread 0038 eip
601b4678 esp 00230f60 stack 0x230000-0x231000-0x330000
--- snip ---

Relevant registry data:

--- snip ---
[HKEY_USERS\S-1-5-4\Software\Microsoft\VCExpress\8.0\StartPage]

"Command1"="{F3192B90-EA73-480F-9471-04524118D767}|20487|"

"Command2"="{F3192B90-EA73-480F-9471-04524118D767}|20482|"

"Command3"="{F3192B90-EA73-480F-9471-04524118D767}|20480|"

"Command4"="{F3192B90-EA73-480F-9471-04524118D767}|20481|"

"Command5"="{F3192B90-EA73-480F-9471-04524118D767}|20483|"

"Command6"="{F3192B90-EA73-480F-9471-04524118D767}|20485|"

"DownloadState"=dword:00000000

"MRUCommand1GUID"="{5EFC7975-14BC-11CF-9B2B-00AA00573819}"

"MRUCommand1ID"=dword:000000d8

"MRUCommand2GUID"="{5EFC7975-14BC-11CF-9B2B-00AA00573819}"

"MRUCommand2ID"=dword:00000141

"MRUCommand3GUID"=""

"MRUCommand3ID"=dword:00000000

"MRUCommand4GUID"=""

"MRUCommand4ID"=dword:00000000
--- snip ---

The problem is actually a bug in CLSIDFromProgID() when passed an empty id
string which results in nice recursion :-)

--- snip dlls/ole32/compobj.c ---
HRESULT WINAPI CLSIDFromString(LPOLESTR idstr, CLSID *id )
{
    HRESULT ret;

    if (!id)
        return E_INVALIDARG;

    ret = __CLSIDFromString(idstr, id);
    if(ret != S_OK) { /* It appears a ProgID is also valid */
        ret = CLSIDFromProgID(idstr, id);
    }
    return ret;
}

...
HRESULT WINAPI CLSIDFromProgID(LPCOLESTR progid, LPCLSID clsid)
{
    static const WCHAR clsidW[] = { '\\','C','L','S','I','D',0 };
    WCHAR buf2[CHARS_IN_GUID];
    LONG buf2len = sizeof(buf2);
    HKEY xhkey;
    WCHAR *buf;

    if (!progid || !clsid)
    {
        ERR("neither progid (%p) nor clsid (%p) are optional\n", progid,
clsid);
        return E_INVALIDARG;
    }

    /* initialise clsid in case of failure */
    memset(clsid, 0, sizeof(*clsid));

    buf = HeapAlloc( GetProcessHeap(),0,(strlenW(progid)+8) * sizeof(WCHAR) );
    strcpyW( buf, progid );
    strcatW( buf, clsidW );
    if (RegOpenKeyW(HKEY_CLASSES_ROOT,buf,&xhkey))
    {
        HeapFree(GetProcessHeap(),0,buf);
        WARN("couldn't open key for ProgID %s\n", debugstr_w(progid));
        return CO_E_CLASSSTRING;
    }
    HeapFree(GetProcessHeap(),0,buf);

    if (RegQueryValueW(xhkey,NULL,buf2,&buf2len))
    {
        RegCloseKey(xhkey);
        WARN("couldn't query clsid value for ProgID %s\n", debugstr_w(progid));
        return CO_E_CLASSSTRING;
    }
    RegCloseKey(xhkey);
    return CLSIDFromString(buf2,clsid);
} 

--- snip dlls/ole32/compobj.c ---

CLSIDFromProgID() needs to be fixed for the empty cls/prog id string case.

With proper patch applied, the IDE starts.

Regards


-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list