http://bugs.winehq.org/show_bug.cgi?id=16999
Summary: Visual C++ 2005 Express IDE: stack overflow at startup due to empty class id string
Product: Wine
Version: 1.1.13
Platform: Other
URL: http://www.microsoft.com/express/2005/download/default.aspx
OS/Version: other
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ole32
AssignedTo: wine-bugs@winehq.org
ReportedBy: focht@gmx.net
Hello,
prerequisites:
Patch from bug 5054 to work around invalid URL cache entries (http://bugs.winehq.org/attachment.cgi?id=18726)
1. clean WINEPREFIX
2. sh winetricks -q dotnet20 msxml6
3. download and run web installer (see URL)
4. start the VC++ 2005 IDE (wine VCExpress.exe)
---
The IDE crashes due to stack overflow.
--- snip --- ... 0038:Call advapi32.RegQueryValueExW(00000418,50061238 L"MRUCommand2GUID",00000000,003289e8,003289ec,003289e0) ret=50008e41 0038:Ret advapi32.RegQueryValueExW() retval=00000000 ret=50008e41 0038:Call advapi32.RegQueryValueExW(00000418,502800c8 L"MRUCommand2ID",00000000,00000000,00328c38,00328c34) ret=501f1800 0038:Ret advapi32.RegQueryValueExW() retval=00000000 ret=501f1800 0038:Call ole32.CLSIDFromString(00328c40 L"{5EFC7975-14BC-11CF-9B2B-00AA00573819}",50758004) ret=501f181a 0038:trace:ole:__CLSIDFromString L"{5EFC7975-14BC-11CF-9B2B-00AA00573819}" -> 0x50758004 0038:Ret ole32.CLSIDFromString() retval=00000000 ret=501f181a 0038:CALL MSVCR80.memset(003289f0,00000000,00000204) ret=50008e1d 0038:RET MSVCR80.memset() retval=003289f0 ret=50008e1d 0038:Call advapi32.RegQueryValueExW(00000418,50061258 L"MRUCommand3GUID",00000000,003289e8,003289ec,003289e0) ret=50008e41 0038:Ret advapi32.RegQueryValueExW() retval=00000000 ret=50008e41 0038:Call advapi32.RegQueryValueExW(00000418,502800e4 L"MRUCommand3ID",00000000,00000000,00328c38,00328c34) ret=501f1847 0038:Ret advapi32.RegQueryValueExW() retval=00000000 ret=501f1847 0038:Call ole32.CLSIDFromString(00328c40 L"",50758018) ret=501f1861 0038:Call KERNEL32.GetProcessHeap() ret=604e16fd 0038:Ret KERNEL32.GetProcessHeap() retval=00110000 ret=604e16fd 0038:Call ntdll.RtlAllocateHeap(00110000,00000000,00000010) ret=604e1711 0038:Ret ntdll.RtlAllocateHeap() retval=00ed1298 ret=604e1711 0038:Call advapi32.RegOpenKeyW(80000000,00ed1298 L"\CLSID",00328acc) ret=604e1758 0038:Ret advapi32.RegOpenKeyW() retval=00000000 ret=604e1758 ... 
0038:Call advapi32.RegOpenKeyW(80000000,00ed1298 L"\CLSID",0023294c) ret=604e1758 0038:Ret advapi32.RegOpenKeyW() retval=00000000 ret=604e1758 0038:Call KERNEL32.GetProcessHeap() ret=604e17f0 0038:Ret KERNEL32.GetProcessHeap() retval=00110000 ret=604e17f0 0038:Call ntdll.RtlFreeHeap(00110000,00000000,00ed1298) ret=604e1809 0038:Ret ntdll.RtlFreeHeap() retval=00000001 ret=604e1809 0038:Call advapi32.RegQueryValueW(0000043c,00000000,00232956,00232950) ret=604e182d 0038:Ret advapi32.RegQueryValueW() retval=00000000 ret=604e182d 0038:Call advapi32.RegCloseKey(0000043c) ret=604e18b1 0038:Ret advapi32.RegCloseKey() retval=00000000 ret=604e18b1 0038:trace:seh:raise_exception code=c00000fd flags=0 addr=0x601e289e ip=0x601e289e tid=0038 0038:trace:seh:raise_exception eax=00000000 ebx=602e4ff4 ecx=00232720 edx=00000000 esi=00000000 edi=0023268c 0038:trace:seh:raise_exception ebp=00232038 esp=00231ffc cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010206 0038:trace:seh:call_stack_handlers calling handler at 0x506ea492 code=c00000fd flags=0 0038:err:seh:setup_exception_record stack overflow 976 bytes in thread 0038 eip 601b4678 esp 00230f60 stack 0x230000-0x231000-0x330000 --- snip ---
Relevant registry data:
--- snip --- [HKEY_USERS\S-1-5-4\Software\Microsoft\VCExpress\8.0\StartPage]
"Command1"="{F3192B90-EA73-480F-9471-04524118D767}|20487|"
"Command2"="{F3192B90-EA73-480F-9471-04524118D767}|20482|"
"Command3"="{F3192B90-EA73-480F-9471-04524118D767}|20480|"
"Command4"="{F3192B90-EA73-480F-9471-04524118D767}|20481|"
"Command5"="{F3192B90-EA73-480F-9471-04524118D767}|20483|"
"Command6"="{F3192B90-EA73-480F-9471-04524118D767}|20485|"
"DownloadState"=dword:00000000
"MRUCommand1GUID"="{5EFC7975-14BC-11CF-9B2B-00AA00573819}"
"MRUCommand1ID"=dword:000000d8
"MRUCommand2GUID"="{5EFC7975-14BC-11CF-9B2B-00AA00573819}"
"MRUCommand2ID"=dword:00000141
"MRUCommand3GUID"=""
"MRUCommand3ID"=dword:00000000
"MRUCommand4GUID"=""
"MRUCommand4ID"=dword:00000000 --- snip ---
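The problem is actually a bug in CLSIDFromProgID() when it is passed an empty id string, which results in nice recursion :-) With an empty ProgID the key name that gets built is just L"\CLSID", so RegOpenKeyW() succeeds on the CLSID key itself (see the trace above). The value read from that key is handed back to CLSIDFromString(); it is evidently not a parseable CLSID (presumably it is empty again), so CLSIDFromString() falls back to CLSIDFromProgID() once more, and the two functions keep calling each other until the stack is exhausted (exception code c00000fd in the trace).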
--- snip dlls/ole32/compobj.c ---
/*
 * CLSIDFromString: convert the string idstr into a CLSID stored in *id.
 *
 * Returns E_INVALIDARG when id is NULL. Otherwise idstr is first handed to
 * __CLSIDFromString(); if that does not return S_OK, the same string is
 * retried as a ProgID through CLSIDFromProgID() and that result is returned.
 */
HRESULT WINAPI CLSIDFromString(LPOLESTR idstr, CLSID *id )
{
    HRESULT ret;

    /* The output pointer is mandatory; idstr itself is not checked here. */
    if (!id)
        return E_INVALIDARG;

    ret = __CLSIDFromString(idstr, id);
    if(ret != S_OK) { /* It appears a ProgID is also valid */
        /*
         * NOTE(review): CLSIDFromProgID() finishes by calling
         * CLSIDFromString() on the value it read from the registry, so this
         * fallback makes the two functions mutually recursive. Nothing in
         * this function bounds that recursion or filters out an empty
         * string before falling back.
         */
        ret = CLSIDFromProgID(idstr, id);
    }
    return ret;
}
...
/*
 * CLSIDFromProgID: look up the CLSID registered for a ProgID.
 *
 * Builds a key name consisting of progid followed by the clsidW suffix,
 * opens that key under HKEY_CLASSES_ROOT, reads the default value of the
 * key into buf2 and passes that value to CLSIDFromString().
 *
 * Returns E_INVALIDARG if progid or clsid is NULL, CO_E_CLASSSTRING if the
 * key cannot be opened or its value cannot be queried, and otherwise
 * whatever CLSIDFromString() returns for the value that was read.
 * *clsid is zeroed before the lookup starts.
 *
 * NOTE(review): an empty progid is not rejected. The key name then consists
 * of the suffix alone, the open succeeds on the CLSID key itself (see the
 * RegOpenKeyW calls in the trace of this report), and the value read from it
 * is fed back into CLSIDFromString(). When that value is not a parseable
 * CLSID, CLSIDFromString() calls this function again and the cycle repeats
 * until the stack overflows. The string comes from registry data, so the
 * cycle has to be broken here, for example by rejecting an empty progid up
 * front and by parsing buf2 without the ProgID fallback.
 */
HRESULT WINAPI CLSIDFromProgID(LPCOLESTR progid, LPCLSID clsid)
{
    /*
     * Suffix appended to the ProgID to form the registry key name.
     * NOTE(review): the first element is presumably a single escaped
     * backslash in the real file; the escape looks lost in this paste.
     */
    static const WCHAR clsidW[] = { '\','C','L','S','I','D',0 };
    WCHAR buf2[CHARS_IN_GUID];
    /* Size of buf2 in bytes, passed by address to RegQueryValueW() below. */
    LONG buf2len = sizeof(buf2);
    HKEY xhkey;
    WCHAR *buf;

    /* Both pointers are required; only NULL is caught, not an empty string. */
    if (!progid || !clsid)
    {
        ERR("neither progid (%p) nor clsid (%p) are optional\n", progid, clsid);
        return E_INVALIDARG;
    }

    /* initialise clsid in case of failure */
    memset(clsid, 0, sizeof(*clsid));

    /*
     * Room for progid plus the six characters of clsidW and a terminator.
     * NOTE(review): the HeapAlloc() result is used without a NULL check.
     */
    buf = HeapAlloc( GetProcessHeap(),0,(strlenW(progid)+8) * sizeof(WCHAR) );
    strcpyW( buf, progid );
    strcatW( buf, clsidW );
    if (RegOpenKeyW(HKEY_CLASSES_ROOT,buf,&xhkey))
    {
        HeapFree(GetProcessHeap(),0,buf);
        WARN("couldn't open key for ProgID %s\n", debugstr_w(progid));
        return CO_E_CLASSSTRING;
    }
    /* The key name is no longer needed once the key is open. */
    HeapFree(GetProcessHeap(),0,buf);

    /* Read the default value of the opened key (value name is NULL). */
    if (RegQueryValueW(xhkey,NULL,buf2,&buf2len))
    {
        RegCloseKey(xhkey);
        WARN("couldn't query clsid value for ProgID %s\n", debugstr_w(progid));
        return CO_E_CLASSSTRING;
    }
    RegCloseKey(xhkey);
    /*
     * NOTE(review): this call closes the recursion loop. buf2 is not
     * validated first, so an empty or otherwise unparseable value sends
     * CLSIDFromString() straight back into CLSIDFromProgID().
     */
    return CLSIDFromString(buf2,clsid);
}
--- snip dlls/ole32/compobj.c ---
CLSIDFromProgID() needs to be fixed for the empty cls/prog id string case.
With a proper patch applied, the IDE starts.
Regards