https://bugs.winehq.org/show_bug.cgi?id=40945
Gijs Vermeulen gijsvrm@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|minor                       |normal
                URL|https://web.archive.org/web |https://web.archive.org/web
                   |/*/http://download.microsof |/20160401071609/http://down
                   |t.com/download/platformsdk/ |load.microsoft.com/download
                   |wmi9x/1.5/W9X/EN-US/wmi9x.e |/platformsdk/wmi9x/1.5/W9X/
                   |xe                          |EN-US/wmi9x.exe
--- Comment #3 from Gijs Vermeulen gijsvrm@gmail.com ---
This is still present in wine-5.14.
I've debugged this a bit and I think there are multiple issues here.
1) The installer calls IWbemServices::GetObject to query "__NAMESPACE". get_object calls create_instance_enum which calls exec_query. This all succeeds, but will cause view->table_count to be 0.
It seems IWbemServices::GetObject should maybe use get_propval to go to get_system_propval so the right things are returned.
2) The actual cause of the crash is that after create_instance_enum returns, get_object calls create_class_object and the app will use the returned IWbemClassObject to call IWbemClassObject::SpawnInstance. SpawnInstance calls create_record with a NULL table. Since table->num_cols is 0, record->fields won't be properly alloc'd, ultimately leading to a crash.
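
A defensive shape for the failure described in point 2, as an added example that is not Wine's code and not part of the original comment. The structs and the `create_record_checked`, `record_set` and `destroy_record` helpers are simplified, hypothetical stand-ins that only borrow the names `table`, `num_cols`, `record` and `fields` from the comment; the constructor rejects a NULL or zero-column table up front and field access is bounds-checked.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins (assumption): not Wine's actual wbemprox definitions. */
struct table  { unsigned int num_cols; };
struct field  { int type; long long val; };
struct record { struct field *fields; unsigned int count; const struct table *table; };

enum rec_status { REC_OK = 0, REC_NO_TABLE, REC_NO_COLUMNS, REC_NO_MEMORY };

/* Checked constructor: refuses a NULL or column-less table instead of
 * returning a record whose fields array is unusable. */
enum rec_status create_record_checked(const struct table *table, struct record **out)
{
    struct record *rec;

    *out = NULL;
    if (!table) return REC_NO_TABLE;
    if (!table->num_cols) return REC_NO_COLUMNS;

    if (!(rec = calloc(1, sizeof(*rec)))) return REC_NO_MEMORY;
    /* calloc also guards the num_cols * sizeof(field) multiplication */
    if (!(rec->fields = calloc(table->num_cols, sizeof(*rec->fields)))) {
        free(rec);
        return REC_NO_MEMORY;
    }
    rec->count = table->num_cols;
    rec->table = table;
    *out = rec;
    return REC_OK;
}

void destroy_record(struct record *rec) { if (rec) { free(rec->fields); free(rec); } }

/* Bounds-checked field write, so a caller cannot index past count. */
int record_set(struct record *rec, unsigned int idx, long long val)
{
    if (!rec || !rec->fields || idx >= rec->count) return -1;
    rec->fields[idx].val = val;
    return 0;
}

int main(void)
{
    struct record *rec;
    struct table empty = { 0 }, three = { 3 };  /* constructed sample tables */
    printf("NULL table: %d\n", (int)create_record_checked(NULL, &rec));
    printf("0 columns:  %d\n", (int)create_record_checked(&empty, &rec));
    printf("3 columns:  %d\n", (int)create_record_checked(&three, &rec));
    destroy_record(rec);
    return 0;
}
```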