http://bugs.winehq.org/show_bug.cgi?id=20037
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |focht@gmx.net
--- Comment #2 from Anastasius Focht focht@gmx.net 2010-06-09 15:33:40 --- Hello,
Visual C++ Redistributable Package Version 2010 (10.00.30319.xxx) also suffers from various msxml3 shortcomings - resulting in crash without native msxml3 override.
One bug - the crash due to a shortcoming in domdoc_validate() stub - should be targeted here.
When an XML document load/parser failure is encountered, various apps/installers call validate() on DOM doc and expect a valid parser instance returned. Some app code (including Microsoft) access the parse error instance directly (out param) - without checking HRESULT - leading to crash.
--- snip --- 0045:trace:msxml:xmlcf_CreateInstance (nil) {2933bf95-7b36-11d2-b20e-00c04f983e60} 0x33f580 0045:trace:msxml:DOMDocument_create ((nil),0x33f39c) ... 0045:trace:msxml:xmldoc_add_ref 1 0045:trace:msxml:DOMDocument_create_from_xmldoc returning iface 0x149670 0045:trace:msxml:domdoc_QueryInterface (0x149650)->({2933bf95-7b36-11d2-b20e-00c04f983e60} 0x33f580) 0045:trace:msxml:domdoc_AddRef 0x149650 0045:trace:msxml:domdoc_Release 0x149650 0045:Ret ole32.CoCreateInstance() retval=00000000 ret=100591cb 0045:trace:msxml:domdoc_loadXML (0x149650)->(L"<?xml version=\"1.0\" encoding=\"utf-16\"?>\r\n<SetupUI xmlns="http://schemas.microsoft.com/SetupUI/2008/01/imui%5C" xmlns:imui="http://schemas.microsoft.com/SetupUI/2008/01/imui%5C" >\r\n <UI>\r\n\r\n <ResourceDll>SetupResources.dll</ResourceDll>\r\n <SplashScreen>\r\n <Hide/>\r\n </Spl"... 0x33f530) ... 0045:trace:msxml:xmldoc_release 0 0045:trace:msxml:xmldoc_release freeing docptr 0x7c05c3c8 0045:Call ntdll.RtlFreeHeap(00110000,00000000,00149068) ret=68ea3fce 0045:Ret ntdll.RtlFreeHeap() retval=00000001 ret=68ea3fce 0045:trace:msxml:xmldoc_add_ref 1 0045:fixme:msxml:domdoc_validate (0x149650)->(0x33f4dc) 0045:trace:seh:raise_exception code=c0000005 flags=0 addr=0x1002b220 ip=1002b220 tid=0045 0045:trace:seh:raise_exception info[0]=00000000 0045:trace:seh:raise_exception info[1]=00000000 0045:trace:seh:raise_exception eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=0033f578 edi=0033f580 0045:trace:seh:raise_exception ebp=0033f4ec esp=0033f4cc cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246 0045:trace:seh:call_vectored_handlers calling handler at 0x68ade100 code=c0000005 flags=0 0045:trace:seh:call_vectored_handlers handler at 0x68ade100 returned 0 0045:trace:seh:call_stack_handlers calling handler at 0x1008ff77 code=c0000005 flags=0 ... --- snip ---
Translated app sequence is basically like this:
--- snip --- 1. CoCreateInstance( uuidof(DOMDocument30)) -> DOM doc 2. doc->loadXML( ...) returns: S_FALSE (parser error encountered) 3. doc->validate( &parseError) 4. parseError->get_reason() (crash because parseError is NULL) ... --- snip ---
Wine should at least return some dummy parser to work around apps that try to access the parser instance directly without checking HRESULT.
--- snip dlls/msxml3/domdoc.c --- static HRESULT WINAPI domdoc_validate( IXMLDOMDocument2* iface, IXMLDOMParseError** err) { domdoc *This = impl_from_IXMLDOMDocument2( iface ); FIXME("(%p)->(%p)\n", This, err); return E_NOTIMPL; } --- snip dlls/msxml3/domdoc.c ---
With a dummy parser returned, the crash is prevented and the apps at least show/log some error. The other problems (parser failure in first place, real validate() impl.) should be targeted by different bugs.
Regards