recent ole32/shdocvw "regression" crashes adobe installers
James Hawkins
truiken at gmail.com
Fri Oct 6 13:02:52 CDT 2006
Hi,
A recent patch by Rob Shearman has caused two Adobe installers to
crash when they try to load up a WebBrowser control to display a EULA:
Commit: ccb634fdee50936c35880a6cffd70e0bcd946b5a
URL: http://source.winehq.org/git/?p=wine.git;a=commit;h=ccb634fdee50936c35880a6cffd70e0bcd946b5a
Author: Robert Shearman <rob at codeweavers.com>
Date: Thu Aug 31 17:14:38 2006 +0100
ole32: Re-structure OleCreate to match to order of calls that native does.
Get rid of hres1 since all failures are returned. Cleanup pUnk on
failure and make sure to return NULL in ppvObj.
We get the following backtrace:
fixme:ole:OleCreate
{8856f961-340a-11d0-a96b-00c04fd705a2}
{00000112-0000-0000-c000-000000000046} semi-stub!
fixme:shdocvw:PersistStorage_InitNew (0x1f62b0)->(0x10013378)
wine: Unhandled page fault on read access to 0x00000000 at address
0x100047b0 (thread
...
Backtrace:
=>1 0x100047b0 in epic_eula (+0x47b0) (0x100047b0)
fixme:dbghelp:elf_load_debug_info_from_map Alpha-support for Dwarf2
information for user32<elf>
2 0x7ebcf97a WINPROC_wrapper+0x1a in user32 (0x7ebcf97a)
3 0x7ebd0126 call_dialog_proc+0x66(hwnd=0x10034, msg=0x110, wp=0x0,
lp=0x761958, result=0x33bbbc, arg=0x10009010)
[/home/jhawkins/wine/dlls/user/winproc.c:473] in user32 (0x7ebd0126)
4 0x7ebd490d WINPROC_CallDlgProcW+0x4d(func=0xffff0020,
hwnd=0x10034, msg=0x110, wParam=0x0, lParam=0x761958)
[/home/jhawkins/wine/dlls/user/winproc.c:2339] in user32 (0x7ebd490d)
5 0x7eb7118b DefDlgProcW+0x5b(hwnd=0x10034, msg=0x110, wParam=0x0,
lParam=0x761958) [/home/jhawkins/wine/dlls/user/defdlg.c:493] in
user32 (0x7eb7118b)
6 0x7ebcf97a WINPROC_wrapper+0x1a in user32 (0x7ebcf97a)
7 0x7ebd1956 call_window_proc+0x66(hwnd=0x10034, msg=0x110, wp=0x0,
lp=0x761958, result=0x33bcbc, arg=0x7eb71130)
[/home/jhawkins/wine/dlls/user/winproc.c:452] in user32 (0x7ebd1956)
8 0x7ebd49fd CallWindowProcW+0x4d(func=0x7eb71130, hwnd=0x10034,
msg=0x110, wParam=0x0, lParam=0x761958)
[/home/jhawkins/wine/dlls/user/winproc.c:2252] in user32 (0x7ebd49fd)
9 0x7eba3197 call_window_proc+0x127(hwnd=<register not in topmost
frame>, msg=0x110, wparam=0x0, lparam=0x761958, unicode=0x1,
same_thread=0x1) [/home/jhawkins/wine/dlls/user/message.c:1531] in
user32 (0x7eba3197)
10 0x7eba656c SendMessageTimeoutW+0x16c(hwnd=0x10034, msg=0x110,
wparam=0x0, lparam=0x761958, flags=0x0, timeout=0x0, res_ptr=0x33bdd4)
[/home/jhawkins/wine/dlls/user/message.c:2374] in user32 (0x7eba656c)
11 0x7eba65b7 SendMessageW+0x37(hwnd=0x10034, msg=0x110, wparam=0x0,
lparam=0x761958) [/home/jhawkins/wine/dlls/user/message.c:2460] in
user32 (0x7eba65b7)
12 0x7eb769a1 DIALOG_CreateIndirect+0xe91(hInst=0x340000,
dlgTemplate=<register not in topmost frame>, owner=0x10024,
dlgProc=0x10009010, param=0x761958, unicode=0x1, modal=0x1)
[/home/jhawkins/wine/dlls/user/dialog.c:637] in user32 (0x7eb769a1)
13 0x7eb7732f DialogBoxParamW+0x5f(hInst=0x340000, name=0x65,
owner=0x10024, dlgProc=0x10009010, param=0x761958)
[/home/jhawkins/wine/dlls/user/dialog.c:798] in user32 (0x7eb7732f)
14 0x10003114 in epic_eula (+0x3114) (0x10003114)
15 0x100012ea in epic_eula (+0x12ea) (0x100012ea)
16 0x00000000 (0x00000000)
0x100047b0: movl 0x0(%eax),%eax
epic_eula calls OleCreate. OleCreate calls
shdocvw:PersistStorage_InitNew which returns E_NOTIMPL. The new
version of OleCreate handles the error and sets pUnk to NULL and
returns the error value. epic_eula doesn't check the return value for
an error or check if pUnk is NULL. When the dialog loads up,
epic_eula tries to use pUnk and we crash. Note that Rob's patch is
correct and shouldn't be changed. Making PersistStorage_InitNew
return S_OK fixes the problem, but I don't know if that is acceptable
or not. The real solution is to implement PersistStorage. What are
people's thoughts on this? Is it OK to return S_OK for now?
Thanks,
James Hawkins
More information about the wine-devel
mailing list