http://bugs.winehq.org/show_bug.cgi?id=14015
Summary: Eclipse 3.3.x (customized) crashes on null REFCLSID passed to ole32.WriteClassStg
Product: Wine
Version: CVS/GIT
Platform: PC
URL: http://www.eclipse.org/downloads
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ole
AssignedTo: wine-bugs@winehq.org
ReportedBy: focht@gmx.net

Created an attachment (id=14205)
 --> (http://bugs.winehq.org/attachment.cgi?id=14205)
Patch to handle null REFCLSID in ole32.WriteClassStg properly
Hello,
this bug report is based on a (Customer) Eclipse 3.3 Europa with lots of additional plugins (OpenArchitectureWare/Enterprise Architect Integration/Microsoft Pict). It's not encountered with standard Eclipse 3.3 version.
The first crash is due to not handling null REFCLSID in ole32.WriteClassStg:
--- snip ---
..
err:ole:apartment_getclassobject DllGetClassObject returned error 0x80004002
err:ole:CoGetClassObject no class object {8856f961-340a-11d0-a96b-00c04fd705a2} could be created for context 0x3
fixme:shdocvw:PersistStorage_InitNew (0x5566ea0)->(0x6825678)
fixme:shdocvw:PersistStorage_GetClassID (0x5566ea0)->(0x33e8c8)
fixme:shdocvw:ViewObject_SetAdvise (0x5566ea0)->(1 00000000 0x5f557e8)
fixme:shdocvw:OleObject_Advise (0x5566ea0)->(0x5f557e8, 0x29ae950)
fixme:shdocvw:WebBrowser_QueryInterface (0x5566ea0)->({0000011d-0000-0000-c000-000000000046} 0x29ae950) interface not supported
fixme:shdocvw:PersistStorage_GetClassID (0x5566ea0)->(0x33e97c)
fixme:shdocvw:PersistStorage_Save (0x5566ea0)->(0x6825678 1)
First chance exception: page fault on read access to 0x00000000 in 32-bit code (0x60cccd3b).
..
Backtrace:
=>1 0x60cccd3b StorageBaseImpl_SetClass+0x9b(iface=0x6825678, clsid=0x0) [/home/focht/wine-git/dlls/ole32/storage32.c:1136] in ole32 (0x0033e96c)
  2 0x60cc63f1 WriteClassStg+0x21(pStg=0x6825678, rclsid=0x0) [/home/focht/wine-git/dlls/ole32/storage32.c:6290] in ole32 (0x0033e97c)
  3 0x0505589b in swt-win32-3349 (+0x2589b) (0x0033e9a8)
  4 0x00749c91 XChangeKeyboardControl+0x111() in libx11.so.6 (0x0033e9e8)
  5 0x00742dd5 in libx11.so.6 (+0xddd5) (0x0033ea20)
..
--- snip ---
For the interested, the relevant Eclipse JNI COM wrapper snippet reads like this:
--- snip (swt-win32-3349.dll) ---
/*
 * Class:     org_eclipse_swt_internal_ole_win32_COM
 * Method:    WriteClassStg
 * Signature: (ILorg/eclipse/swt/internal/ole/win32/GUID;)I
 */
JNIEXPORT jint JNICALL Java_org_eclipse_swt_internal_ole_win32_COM_WriteClassStg
  (JNIEnv *env, jclass that, jint pStg, jobject rclsid)
{
    GUID guid, *rclsid1=NULL;
    jint rc;

#ifdef DEBUG_CALL_PRINTS
    fprintf(stderr, "WriteClassStg\n");
#endif
    if (rclsid) {
        rclsid1=&guid;
        getGUIDFields(env, rclsid, rclsid1);
    }
    rc = (jint) WriteClassStg((IStorage *)pStg, rclsid1);

    if (rclsid) {
        setGUIDFields(env, rclsid, rclsid1);
    }
    return rc;
}
--- snip (swt-win32-3349.dll) ---
If for whatever reason, a null rclsid is passed in, NULL will be passed to WriteClassStg. Wine should handle this case properly.
With attached patch it goes further - to crash again (separate bug report).
Regards
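
The kind of argument check the report asks for, as an added sketch that is not the attached patch and not Wine's code. Assumptions: guid_t, storage_t, hresult_t, storage_set_class and write_class_stg_checked are hypothetical stand-ins for the COM types and functions, and the status codes returned for each bad pointer are this sketch's choice.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in types and status codes for this sketch (not Wine's headers). */
typedef uint32_t hresult_t;
#define HR_OK             0x00000000u
#define HR_INVALIDARG     0x80070057u /* numeric value of E_INVALIDARG */
#define HR_INVALIDPOINTER 0x80030009u /* numeric value of STG_E_INVALIDPOINTER */

typedef struct { uint32_t d1; uint16_t d2, d3; uint8_t d4[8]; } guid_t;
typedef struct { guid_t clsid; int dirty; } storage_t; /* toy storage object */

/* Like the callee in the backtrace, this copies *clsid without checking it. */
static hresult_t storage_set_class(storage_t *stg, const guid_t *clsid)
{
    stg->clsid = *clsid; /* a NULL clsid would fault on this read */
    stg->dirty = 1;
    return HR_OK;
}

/* Guarded entry point: validate both pointers before calling down. */
hresult_t write_class_stg_checked(storage_t *stg, const guid_t *rclsid)
{
    if (!stg)
        return HR_INVALIDARG;
    if (!rclsid)
        return HR_INVALIDPOINTER; /* choice of code is an assumption */
    return storage_set_class(stg, rclsid);
}

int main(void)
{
    /* Constructed sample CLSID, taken from the log line quoted above. */
    guid_t g = { 0x8856f961u, 0x340a, 0x11d0,
                 { 0xa9, 0x6b, 0x00, 0xc0, 0x4f, 0xd7, 0x05, 0xa2 } };
    storage_t stg;
    memset(&stg, 0, sizeof stg);

    printf("NULL rclsid  -> 0x%08x\n", (unsigned)write_class_stg_checked(&stg, NULL));
    printf("NULL storage -> 0x%08x\n", (unsigned)write_class_stg_checked(NULL, &g));
    printf("valid call   -> 0x%08x\n", (unsigned)write_class_stg_checked(&stg, &g));
    return 0;
}
```

With the guard in place, a caller that forwards a NULL rclsid gets an error status back, and the storage object is left unmodified.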