[Bug 31360] Bobcad v21 crashes on startup

wine-bugs at winehq.org
Tue Aug 26 16:36:18 CDT 2014


https://bugs.winehq.org/show_bug.cgi?id=31360

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|http://www.bobcad.com       |http://bobcad.com/wp-conten
                   |                            |t/media/updates/archive/v21
                   |                            |.5.3.exe
                 CC|                            |focht at gmx.net
          Component|-unknown                    |ole32

--- Comment #1 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming, still present.

The app passes an outer IUnknown with *zero* ref count to
'OleCreateEmbeddingHelper' and expects it to stay alive.

Wine drops the ref count of outer unknown after creating the datacache object
(refcount = 1 at this point), causing the destruction (memory freed).
The app accesses the outer unknown vtable after 'OleCreateEmbeddingHelper'
returns, causing the crash.

Source:
http://source.winehq.org/git/wine.git/blob/c0a17a4f098ea148e24f4bc802a6739e61b9f515:/dlls/ole32/defaulthandler.c#l1881

--- snip ---
1881 static DefaultHandler* DefaultHandler_Construct(
1882   REFCLSID clsid,
1883   LPUNKNOWN pUnkOuter,
1884   DWORD flags,
1885   IClassFactory *pCF)
1886 {
1887   DefaultHandler* This = NULL;
1888   HRESULT hr;
...
1919   This->outerUnknown = pUnkOuter;
1920
1921   /*
1922    * Create a datacache object.
1923    * We aggregate with the datacache. Make sure we pass our outer
1924    * unknown as the datacache's outer unknown.
1925    */
1926   hr = CreateDataCache(This->outerUnknown,
1927                         clsid,
1928                         &IID_IUnknown,
1929                         (void**)&This->dataCache);
1930   if(SUCCEEDED(hr))
1931   {
1932     hr = IUnknown_QueryInterface(This->dataCache, &IID_IPersistStorage, (void**)&This->dataCache_PersistStg);
1933     /* keeping a reference to This->dataCache_PersistStg causes us to keep a
1934      * reference on the outer object */
1935     if (SUCCEEDED(hr))
1936       IUnknown_Release(This->outerUnknown);
1937     else
1938       IUnknown_Release(This->dataCache);
1939   }
...
--- snip ---

Outer unknown is gone after line 1936 which should not happen.

$ sha1sum v21.5.3.exe 
03958ea4ad4877bfdcdfd253845c677a94c53294  v21.5.3.exe

$ du -sh v21.5.3.exe 
56M    v21.5.3.exe

$ wine --version
wine-1.7.25-21-gc87901d

Regards
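
An added example, not part of the original bug comment or of Wine's source: a plain-C model of the reference counting described in the comment above, showing how the compensating Release at line 1936 ends the outer object's life when the caller passed it in with a count of zero. `Outer`, `Inner` and all function names are hypothetical, and the variant that avoids touching the outer count is an illustrative assumption, not Wine's actual fix.

```c
/* Added illustration: models COM aggregation ref counting, no Windows headers. */
#include <stdbool.h>
#include <stdio.h>

typedef struct Outer {
    long refs;       /* controlling unknown's reference count */
    bool destroyed;  /* flag set instead of free() so the state stays inspectable */
} Outer;

static long outer_addref(Outer *o) { return ++o->refs; }
static long outer_release(Outer *o)
{
    if (--o->refs == 0)
        o->destroyed = true;  /* a real object would free itself here */
    return o->refs;
}

/* Aggregated data cache model: delegating interfaces count on the outer,
 * a private (non-delegating) reference counts on the inner object only. */
typedef struct Inner { Outer *outer; long own_refs; } Inner;
static void inner_get_delegating(Inner *in) { outer_addref(in->outer); }
static void inner_get_private(Inner *in)    { in->own_refs++; }

/* Sequence of lines 1932-1936; returns true if the outer is still alive. */
static bool construct_as_quoted(long caller_refs)
{
    Outer outer = { caller_refs, false };
    Inner cache = { &outer, 1 };
    inner_get_delegating(&cache);  /* QueryInterface: outer count +1 */
    outer_release(&outer);         /* line 1936: compensating Release */
    return !outer.destroyed;
}

/* Hypothetical variant: never touches the outer count, so nothing to undo. */
static bool construct_without_outer_release(long caller_refs)
{
    Outer outer = { caller_refs, false };
    Inner cache = { &outer, 1 };
    inner_get_private(&cache);
    return !outer.destroyed && outer.refs == caller_refs;
}

int main(void)
{
    printf("quoted, outer refs 0: alive=%d\n", construct_as_quoted(0));
    printf("quoted, outer refs 1: alive=%d\n", construct_as_quoted(1));
    printf("variant, outer refs 0: alive=%d\n", construct_without_outer_release(0));
    return 0;
}
```

With a caller-held reference the quoted sequence is balanced (1 to 2 to 1); only the zero-count case reaches zero and triggers destruction while the caller still holds the pointer.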
