http://bugs.winehq.org/show_bug.cgi?id=29552
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|build-env                   |shell32

--- Comment #3 from Anastasius Focht focht@gmx.net 2012-01-07 14:15:41 CST ---
Hello GyB,

--- quote ---
The crash occurs with the default -O2.
--- quote ---
Ok, I was building with default compiler settings but not Fedora distribution compiler flags ("rpm --eval %{optflags}" -> "-g -O2") hence I didn't get the crash. The optimization level leads to different stack usage/local variable values so "-fomit-frame-pointer" actually hides another bug.
The problem is hidden in shell32 get_known_folder_path_by_id()
The installer calls IKnownFolder::GetPath() but doesn't initialize the out parameter explicitly (lives on stack some frames up). Depending on previous calls' stack usage there is a chance to encounter garbage.
It looks for the game tasks folder using IKnownFolderManager as part of gameux registration. "C:\users\Public\Microsoft\Windows\GameExplorer" doesn't exist in a clean WINEPREFIX.
--- snip ---
Wine-dbg>bt
Backtrace:
=>0 0x739da051 SHGetFolderPathAndSubDirW+0x5e1(hwndOwner=(nil), nFolder=0x58, hToken=0x0(nil), dwFlags=0, pszSubPath=0x0(nil), pszPath="C:\users\Public\Microsoft\Windows\GameExplorer") [/home/focht/projects/wine/wine-git/dlls/shell32/shellpath.c:2252] in shell32 (0x00f5e384)
  1 0x739da8f1 SHGetFolderPathW+0x40(hwndOwner=(nil), nFolder=0x58, hToken=0x0(nil), dwFlags=0, pszPath="C:\users\Public\Microsoft\Windows\GameExplorer") [/home/focht/projects/wine/wine-git/dlls/shell32/shellpath.c:2086] in shell32 (0x00f5e3b4)
  2 0x739dcb71 SHGetKnownFolderPath+0x1d0(rfid=0x168218, flags=0, token=0x0(nil), path=0xf5e760) [/home/focht/projects/wine/wine-git/dlls/shell32/shellpath.c:3033] in shell32 (0x00f5e624)
  3 0x739dcd9b get_known_folder_path_by_id+0x18a(folderId=0x168218, lpRegistryPath=<internal error>, dwFlags=0, ppszPath=0xf5e760) [/home/focht/projects/wine/wine-git/dlls/shell32/shellpath.c:3511] in shell32 (0x00f5e6d4)
  4 0x739dd67a knownfolder_GetPath+0x79(iface=0x168210, dwFlags=0, ppszPath=0xf5e760) [/home/focht/projects/wine/wine-git/dlls/shell32/shellpath.c:3534] in shell32 (0x00f5e724)
  5 0x00f6625a in games (+0x6259) (0x00f5e774)
--- snip ---
Because of this, the out parameter is never allocated/copied to.
Source: http://source.winehq.org/git/wine.git/blob/a603e9871e21888216672003e2455dfac...
If there was any regression it would be this commit:
http://source.winehq.org/git/wine.git/commitdiff/08186a9c26e954aea26ad0129ca...
which dereferenced the "ppszPath" out parameter without looking at the HRESULT value (from SHGetKnownFolderPath -> SHGetFolderPathW ...).
Regards
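
The failure mode described in the comment above, as an added C example that is not part of the original comment and is not Wine's code: a getter that leaves its out parameter untouched on failure, next to one that clears it on entry, plus a caller that checks the result code before using the value. All function names and the RES_* codes are hypothetical stand-ins; the path string is the one from the backtrace.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-ins for HRESULT values; the path is the one from the backtrace. */
#define RES_OK   0
#define RES_FAIL (-1)
#define SAMPLE_PATH "C:\\users\\Public\\Microsoft\\Windows\\GameExplorer"
typedef int (*getter_fn)(int folder_exists, char **out);
static int copy_path(char **out)
{
    *out = malloc(sizeof SAMPLE_PATH);
    if (!*out) return RES_FAIL;
    memcpy(*out, SAMPLE_PATH, sizeof SAMPLE_PATH);
    return RES_OK;
}

/* Pattern from the report: the failure path never writes *out. */
static int get_path_unset(int folder_exists, char **out)
{
    return folder_exists ? copy_path(out) : RES_FAIL;
}

/* Hardened callee: *out is defined on every return path. */
static int get_path_cleared(int folder_exists, char **out)
{
    *out = NULL;
    return folder_exists ? copy_path(out) : RES_FAIL;
}

/* 1 if a failed call leaves the caller's old pointer in place. */
static int leaves_stale_pointer(getter_fn get)
{
    char sentinel = 0;       /* constructed stand-in for stack garbage */
    char *path = &sentinel;
    return get(0, &path) != RES_OK && path == &sentinel;
}

/* Caller side: check the result code before using the out value. */
static long checked_path_length(getter_fn get, int folder_exists)
{
    char *path = NULL;
    if (get(folder_exists, &path) != RES_OK || !path) return -1;
    long n = (long)strlen(path);
    free(path);
    return n;
}
int main(void)
{
    return leaves_stale_pointer(get_path_unset) && checked_path_length(get_path_cleared, 1) == 46 ? 0 : 1;
}
```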