Office 2007 MSI Crash - Null dereference @ MsiViewExecute
mike.kaplinskiy at gmail.com
Thu Apr 30 12:47:58 CDT 2009
James Hawkins wrote:
> On Thu, Apr 30, 2009 at 4:03 AM, Austin English <austinenglish at gmail.com>
>> On Tue, Apr 28, 2009 at 9:27 PM, Mike Kaplinskiy
>> <mike.kaplinskiy at gmail.com> wrote:
>>> I was looking at the trace of the crash from bug 17600, and it looks
>>> like a custom action is calling MsiViewExecute with a null hRec.
>>> I (sadly) don't know much about the wine MSI architecture, but the
>>> msiobj_lock on line 484 should fail since rec will never be fetched
>>> (null). I think the intention was to make it query->hdr (as it is
>>> released later).
>> A testcase for it would show if you're right or wrong ;-).
> Not really. If you grep through the msi tests, you'll see that we
> call MsiViewExecute with NULL hRec all over the place. That doesn't
> mean there isn't a bug, just saying.
If there are tests that check this, I don't know how they could be passing
(unless hView is invalid). The local variable rec isn't set if hRec is null,
and it is dereferenced on line 484 & 486 regardless.
I would write a test for this if I had time, but I don't know how the test
harness works, and don't have time right now to learn. (nor do I know how
the MSI framework works). It seems like it would be a big win to have this
work, since it would return the Office 07 installer to platinum status.
More information about the wine-devel