Office 2007 MSI Crash - Null dereference @ MsiViewExecute

Mike Kaplinskiy mike.kaplinskiy at
Thu Apr 30 12:47:58 CDT 2009

James Hawkins wrote:

> On Thu, Apr 30, 2009 at 4:03 AM, Austin English <austinenglish at>
> wrote:
>> On Tue, Apr 28, 2009 at 9:27 PM, Mike Kaplinskiy
>> <mike.kaplinskiy at> wrote:
>>> I was looking at the trace of the crash from bug 17600, and it looks
>>> like a custom action is calling MsiViewExecute with a null hRec.
>>> I (sadly) don't know much about the wine MSI architecture, but the
>>> msiobj_lock on line 484 should fail since rec will never be fetched
>>> (null). I think the intention was to make it query->hdr (as it is
>>> released later).
>> A testcase for it would show if you're right or wrong ;-).
> Not really.  If you grep through the msi tests, you'll see that we
> call MsiViewExecute with NULL hRec all over the place.  That doesn't
> mean there isn't a bug, just saying.

If there are tests that check this, I don't know how they could be passing 
(unless hView is invalid). The local variable rec isn't set if hRec is null, 
and it is dereferenced on line 484 & 486 regardless.

I would write a test for this if I had time, but I don't know how the test 
harness works, and don't have time right now to learn. (nor do I know how 
the MSI framework works). It seems like it would be a big win to have this 
work, since it would return the Office 07 installer to platinum status.

More information about the wine-devel mailing list