[Bug 18915] FAR Manager: crashes shortly after startup

wine-bugs at winehq.org
Fri Jun 12 12:38:50 CDT 2009


http://bugs.winehq.org/show_bug.cgi?id=18915





--- Comment #2 from Yuri Khan <yurivkhan at gmail.com>  2009-06-12 12:38:50 ---
I have reviewed the code in file dlls/shdocvw/taskbarlist.c and identified the
crash reason. The factory function

> HRESULT TaskbarList_Create(IUnknown *outer, REFIID riid, void **taskbar_list)

does not check its riid parameter and always returns a pointer to the
ITaskbarList interface of the newly created object, no matter what the client
asked for.

If the client asks for an unrelated interface, trouble will happen when the
client tries to invoke that interface's methods (code of the ITaskbarList
method with the same vtable index will be called).

If the client asks for an extension of ITaskbarList (e.g. ITaskbarList2 or
ITaskbarList3) and tries to call any extended methods, it will read the vtbl
beyond its end and jump to a bogus location.

The ITaskbarList3 interface, in particular, is used to provide Windows 7
taskbar integration.

The conventional way to implement a COM class factory is to QueryInterface the
newly created object for the requested riid.

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
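The factory behaviour described in the comment above, next to the conventional QueryInterface-based form, as an added example in portable C. It is not the Wine source: the type stand-ins, the one-byte IIDs and the names `tbl_new`, `create_unchecked` and `create_checked` are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>
/* Stand-ins for the COM types and IIDs, constructed for this example. */
typedef long HRESULT;
typedef struct { unsigned char b[16]; } IID;
#define S_OK          0L
#define E_NOINTERFACE 0x80004002L
#define E_OUTOFMEMORY 0x8007000EL
static const IID IID_Unknown = {{0}}, IID_TaskbarList = {{1}}, IID_TaskbarList3 = {{3}};
typedef struct TaskbarList TaskbarList;
typedef struct {   /* IUnknown slots plus HrInit; nothing backs ITaskbarList2/3 methods */
    HRESULT (*QueryInterface)(TaskbarList *, const IID *, void **);
    unsigned long (*AddRef)(TaskbarList *), (*Release)(TaskbarList *);
    HRESULT (*HrInit)(TaskbarList *);
} TaskbarListVtbl;
struct TaskbarList { const TaskbarListVtbl *vtbl; unsigned long refs; };

static HRESULT tbl_QueryInterface(TaskbarList *t, const IID *riid, void **ppv) {
    *ppv = NULL;
    if (memcmp(riid, &IID_Unknown, sizeof *riid) && memcmp(riid, &IID_TaskbarList, sizeof *riid))
        return E_NOINTERFACE;          /* refuse what the vtable cannot back */
    *ppv = t; t->refs++;
    return S_OK;
}
static unsigned long tbl_AddRef(TaskbarList *t) { return ++t->refs; }
static unsigned long tbl_Release(TaskbarList *t) { unsigned long r = --t->refs; if (!r) free(t); return r; }
static HRESULT tbl_HrInit(TaskbarList *t) { (void)t; return S_OK; }
static const TaskbarListVtbl tbl_vtbl = { tbl_QueryInterface, tbl_AddRef, tbl_Release, tbl_HrInit };

static TaskbarList *tbl_new(void) {
    TaskbarList *obj = malloc(sizeof *obj);
    if (obj) { obj->vtbl = &tbl_vtbl; obj->refs = 1; }
    return obj;
}
/* Pattern described in the report: riid is ignored, so any request "succeeds". */
HRESULT create_unchecked(const IID *riid, void **out) {
    (void)riid;
    return (*out = tbl_new()) ? S_OK : E_OUTOFMEMORY;
}
/* Conventional factory: the object's QueryInterface decides, then the creation ref is dropped. */
HRESULT create_checked(const IID *riid, void **out) {
    TaskbarList *obj = tbl_new();
    HRESULT hr;
    if (!obj) { *out = NULL; return E_OUTOFMEMORY; }
    hr = obj->vtbl->QueryInterface(obj, riid, out);
    obj->vtbl->Release(obj);           /* frees obj when QueryInterface refused */
    return hr;
}
int main(void) { void *p; return create_checked(&IID_TaskbarList3, &p) == E_NOINTERFACE ? 0 : 1; }
```

With the checked factory, a caller that requests the ITaskbarList3 stand-in receives `E_NOINTERFACE` and a NULL pointer, so it never indexes past the four-slot vtable.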


