[Bug 51425] New: Mathearbeit G 5.6 installer reports null pointer exception in module 'shell32.dll' starting with Wine 6.9-142-g98d43c5dcfb
WineHQ Bugzilla
wine-bugs at winehq.org
Thu Jul 8 06:21:20 CDT 2021
https://bugs.winehq.org/show_bug.cgi?id=51425
Bug ID: 51425
Summary: Mathearbeit G 5.6 installer reports null pointer
exception in module 'shell32.dll' starting with Wine
6.9-142-g98d43c5dcfb
Product: Wine
Version: 6.12
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: shell32
Assignee: wine-bugs at winehq.org
Reporter: focht at gmx.net
Distribution: ---
Hello folks,
while revisiting bug 38740 ("Mathearbeit G 5.6 installer hangs during
installation (ShellFolder attributes for virtual folder 'CLSID_Printers', clsid
'{2227a280-3aea-1069-a2de-08002b30309d}' missing in registry)") to validate the
claim that the bug has been fixed I've found a regression which actually hides
the original bug.
Stable download link via Internet Archive:
https://web.archive.org/web/20210708082931/http://zahlenbasar.de/MA_DL/setupgs5_6.exe
--- snip ---
...
0118:trace:shell:_SHGetUserShellFolderPath 0x80000002,(null),L"{00000000-0000-0000-0000-000000000000}",0x32ea98
0118:Call advapi32.RegCreateKeyW(80000002,7daf0dc0 L"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",0032e18c) ret=7daa23be
...
0118:Ret advapi32.RegCreateKeyW() retval=00000000 ret=7daa23be
0118:Call advapi32.RegCreateKeyW(80000002,7daf0d20 L"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",0032e188) ret=7daa23d8
...
0118:Ret advapi32.RegCreateKeyW() retval=00000000 ret=7daa23d8
0118:Call advapi32.RegQueryValueExW(000000f0,0032e800 L"{00000000-0000-0000-0000-000000000000}",00000000,0032e190,0032ea98,0032e194) ret=7daa2417
...
0118:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7daa2417
...
0118:trace:shell:_SHGetUserShellFolderPath returning 0x80004005
0118:trace:shell:_SHGetDefaultValue 0x45,0x32ea98
0118:trace:seh:dispatch_exception code=c0000005 flags=0 addr=7DAA0EA5 ip=7daa0ea5 tid=0118
0118:trace:seh:dispatch_exception info[0]=00000000
0118:trace:seh:dispatch_exception info[1]=00000000
0118:warn:seh:dispatch_exception EXCEPTION_ACCESS_VIOLATION exception (code=c0000005) raised
0118:trace:seh:dispatch_exception eax=00000000 ebx=00000045 ecx=0032e354 edx=0032e37e esi=0032ea98 edi=00000000
0118:trace:seh:dispatch_exception ebp=0032e7d8 esp=0032e7a0 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202
0118:trace:seh:call_vectored_handlers calling handler at 7B00F750 code=c0000005 flags=0
0118:trace:seh:call_vectored_handlers handler at 7B00F750 returned 0
0118:trace:seh:call_stack_handlers calling handler at 004D512B code=c0000005 flags=0
0118:trace:seh:call_stack_handlers handler at 004D512B returned 1
0118:trace:seh:call_stack_handlers calling handler at 004E2570 code=c0000005 flags=0
0118:trace:seh:call_stack_handlers handler at 004E2570 returned 1
0118:trace:seh:call_stack_handlers calling handler at 0044B389 code=c0000005 flags=0
...
0118:Call user32.MessageBoxA(0001009a,02dbd314 "Zugriffsverletzung bei Adresse 7DAA0EA5 in Modul 'shell32.dll'. Lesen von Adresse 00000000.",013f5160 "MATHEARBEIT G Setup",00000010) ret=0045273f
...
--- snip ---
After dismissing the dialog, the installer runs further and indeed completes
without live-looping (copies files). Bug 38740 *appears* to be fixed but in
fact it's not.
Commit
https://source.winehq.org/git/wine.git/commitdiff/98d43c5dcfb28183667d874d4c07dfd9bb434149
("shell32: Calculate known folder paths from parent and relative path."), part
of Wine 6.10 release, introduced a regression which causes a NULL pointer
exception in the reworked shell32 code.
Wine source:
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/shell32/shellpath.c#l2446
--- snip ---
2446 { /* 0x45 */
2447 &GUID_NULL,
2448 CSIDL_Type_User,
2449 NULL,
2450 DocumentsW
2451 },
--- snip ---
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/shell32/shellpath.c#l3470
--- snip ---
3470 /* Gets a 'semi-expanded' default value of the CSIDL with index folder into
3471 * pszPath, based on the entries in CSIDL_Data. By semi-expanded, I mean:
3472 * - Depending on the entry's type, the path may begin with an (unexpanded)
3473 * environment variable name. The caller is responsible for expanding
3474 * environment strings if so desired.
3475 * The types that are prepended with environment variables are:
3476 * CSIDL_Type_User: %USERPROFILE%
3477 * CSIDL_Type_AllUsers: %ALLUSERSPROFILE%
3478 * CSIDL_Type_CurrVer: %SystemDrive%
3479 * (Others might make sense too, but as yet are unneeded.)
3480 */
3481 static HRESULT _SHGetDefaultValue(BYTE folder, LPWSTR pszPath)
3482 {
3483 HRESULT hr;
3484
3485 TRACE("0x%02x,%p\n", folder, pszPath);
3486
3487 if (folder >= ARRAY_SIZE(CSIDL_Data))
3488 return E_INVALIDARG;
3489
3490 if (!pszPath)
3491 return E_INVALIDARG;
3492
3493 if (!is_win64)
3494 {
3495 BOOL is_wow64;
3496
3497 switch (folder)
3498 {
3499 case CSIDL_PROGRAM_FILES:
3500 case CSIDL_PROGRAM_FILESX86:
3501 IsWow64Process( GetCurrentProcess(), &is_wow64 );
3502 folder = is_wow64 ? CSIDL_PROGRAM_FILESX86 : CSIDL_PROGRAM_FILES;
3503 break;
3504 case CSIDL_PROGRAM_FILES_COMMON:
3505 case CSIDL_PROGRAM_FILES_COMMONX86:
3506 IsWow64Process( GetCurrentProcess(), &is_wow64 );
3507 folder = is_wow64 ? CSIDL_PROGRAM_FILES_COMMONX86 : CSIDL_PROGRAM_FILES_COMMON;
3508 break;
3509 }
3510 }
3511
3512 if (IsEqualGUID(CSIDL_Data[folder].fidParent, &GUID_NULL))
3513 {
3514 /* hit the root, sub in env var */
3515 switch (CSIDL_Data[folder].type)
3516 {
3517 case CSIDL_Type_User:
3518 strcpyW(pszPath, UserProfileW);
3519 break;
3520 case CSIDL_Type_AllUsers:
3521 strcpyW(pszPath, PublicProfileW);
3522 break;
3523 case CSIDL_Type_ProgramData:
3524 strcpyW(pszPath, ProgramDataVarW);
3525 break;
3526 case CSIDL_Type_CurrVer:
3527 strcpyW(pszPath, SystemDriveW);
3528 break;
3529 default:
3530 ; /* no corresponding env. var, do nothing */
3531 }
3532 hr = S_OK;
3533 }else{
3534 /* prepend with parent */
3535 hr = _SHGetDefaultValue(csidl_from_id(CSIDL_Data[folder].fidParent), pszPath);
3536 }
3537
3538 if (SUCCEEDED(hr))
3539 append_relative_path(folder, pszPath);
3540
3541 TRACE("returning 0x%08x\n", hr);
3542 return hr;
3543 }
--- snip ---
Line 3512 -> 'fidParent' member is zero-init for 'CSIDL_Data' 0x45 folder
entry, causing null pointer exception.
After fixing the regression, the installer runs into bug 38740.
$ sha1sum setupgs5_6.exe
fbbbae71ce4214e3848ae29399fa3b271bd6763f setupgs5_6.exe
$ du -sh setupgs5_6.exe
5.8M setupgs5_6.exe
$ wine --version
wine-6.12-125-g6763ed84cf0
Regards
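
The failure mode described in the report, as an added example that is not Wine's code and not part of the original report: a table entry written with fewer initializers than the struct has members leaves the trailing pointer NULL, and a GUID comparison then reads through it. The types, table contents and the NULL guard below are simplified assumptions for illustration; the guard is one possible mitigation, not necessarily the fix Wine adopted.

```c
/* Added illustration with simplified stand-ins; not Wine's shellpath.c. */
#include <string.h>

typedef struct { unsigned char b[16]; } guid_t;   /* stand-in for GUID */
static const guid_t guid_null = {{0}}, guid_profile = {{1}}, guid_docs = {{2}}; /* constructed */

struct folder_entry {
    const guid_t *id;
    const char   *rel_path;
    const guid_t *parent;  /* trailing member: NULL when its initializer is omitted */
};
static const struct folder_entry table[] = {
    { &guid_profile, "%USERPROFILE%", &guid_null },    /* root */
    { &guid_docs,    "Documents",     &guid_profile }, /* child of root */
    { &guid_null,    "Documents" },  /* short initializer: parent == NULL */
};
#define TABLE_SIZE (sizeof(table) / sizeof(table[0]))

/* Like IsEqualGUID in the report: reads through both pointers. */
static int guid_equal(const guid_t *a, const guid_t *b) { return !memcmp(a, b, sizeof *a); }

/* Audit: how many entries were left with a zero-initialized parent? */
size_t count_null_parents(void)
{
    size_t i, n = 0;
    for (i = 0; i < TABLE_SIZE; i++) n += (table[i].parent == NULL);
    return n;
}

/* Build the default path for entry idx; returns 0 on success, -1 on error. */
int default_path(size_t idx, char *out, size_t len)
{
    size_t i;
    if (idx >= TABLE_SIZE || !out || !len) return -1;
    const guid_t *parent = table[idx].parent;
    /* Guard: without the !parent test, guid_equal() would read address 0. */
    if (!parent || guid_equal(parent, &guid_null)) {
        out[0] = '\0';
    } else {
        for (i = 0; i < TABLE_SIZE && !guid_equal(table[i].id, parent); i++) {}
        if (i == TABLE_SIZE || default_path(i, out, len) != 0) return -1;
        if (strlen(out) + 2 > len) return -1;
        strcat(out, "\\");
    }
    if (strlen(out) + strlen(table[idx].rel_path) + 1 > len) return -1;
    strcat(out, table[idx].rel_path);
    return 0;
}
```

GCC's `-Wmissing-field-initializers` (part of `-Wextra`) reports short positional initializers like the third table entry at compile time.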