http://bugs.winehq.org/show_bug.cgi?id=14015
Summary: Eclipse 3.3.x (customized) crashes on null REFCLSID passed to ole32.WriteClassStg
Product: Wine
Version: CVS/GIT
Platform: PC
URL: http://www.eclipse.org/downloads
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ole
AssignedTo: wine-bugs@winehq.org
ReportedBy: focht@gmx.net
Created an attachment (id=14205) --> (http://bugs.winehq.org/attachment.cgi?id=14205) Patch to handle null REFCLSID in ole32.WriteClassStg properly
Hello,
this bug report is based on a (Customer) Eclipse 3.3 Europa with lots of additional plugins (OpenArchitectureWare/Enterprise Architect Integration/Microsoft Pict). It's not encountered with standard Eclipse 3.3 version.
The first crash is due to not handling null REFCLSID in ole32.WriteClassStg:
--- snip ---
..
err:ole:apartment_getclassobject DllGetClassObject returned error 0x80004002
err:ole:CoGetClassObject no class object {8856f961-340a-11d0-a96b-00c04fd705a2} could be created for context 0x3
fixme:shdocvw:PersistStorage_InitNew (0x5566ea0)->(0x6825678)
fixme:shdocvw:PersistStorage_GetClassID (0x5566ea0)->(0x33e8c8)
fixme:shdocvw:ViewObject_SetAdvise (0x5566ea0)->(1 00000000 0x5f557e8)
fixme:shdocvw:OleObject_Advise (0x5566ea0)->(0x5f557e8, 0x29ae950)
fixme:shdocvw:WebBrowser_QueryInterface (0x5566ea0)->({0000011d-0000-0000-c000-000000000046} 0x29ae950) interface not supported
fixme:shdocvw:PersistStorage_GetClassID (0x5566ea0)->(0x33e97c)
fixme:shdocvw:PersistStorage_Save (0x5566ea0)->(0x6825678 1)
First chance exception: page fault on read access to 0x00000000 in 32-bit code (0x60cccd3b).
..
Backtrace:
=>1 0x60cccd3b StorageBaseImpl_SetClass+0x9b(iface=0x6825678, clsid=0x0) [/home/focht/wine-git/dlls/ole32/storage32.c:1136] in ole32 (0x0033e96c)
  2 0x60cc63f1 WriteClassStg+0x21(pStg=0x6825678, rclsid=0x0) [/home/focht/wine-git/dlls/ole32/storage32.c:6290] in ole32 (0x0033e97c)
  3 0x0505589b in swt-win32-3349 (+0x2589b) (0x0033e9a8)
  4 0x00749c91 XChangeKeyboardControl+0x111() in libx11.so.6 (0x0033e9e8)
  5 0x00742dd5 in libx11.so.6 (+0xddd5) (0x0033ea20)
..
--- snip ---
For the interested, the relevant Eclipse JNI COM wrapper snippet reads like this:
--- snip (swt-win32-3349.dll) ---
/*
 * Class:     org_eclipse_swt_internal_ole_win32_COM
 * Method:    WriteClassStg
 * Signature: (ILorg/eclipse/swt/internal/ole/win32/GUID;)I
 */
JNIEXPORT jint JNICALL Java_org_eclipse_swt_internal_ole_win32_COM_WriteClassStg
  (JNIEnv *env, jclass that, jint pStg, jobject rclsid)
{
    GUID guid, *rclsid1=NULL;
    jint rc;

#ifdef DEBUG_CALL_PRINTS
    fprintf(stderr, "WriteClassStg\n");
#endif
    if (rclsid) {
        rclsid1=&guid;
        getGUIDFields(env, rclsid, rclsid1);
    }
    rc = (jint) WriteClassStg((IStorage *)pStg, rclsid1);

    if (rclsid) {
        setGUIDFields(env, rclsid, rclsid1);
    }
    return rc;
}
--- snip (swt-win32-3349.dll) ---
If for whatever reason, a null rclsid is passed in, NULL will be passed to WriteClassStg. Wine should handle this case properly.
With attached patch it goes further - to crash again (separate bug report).
Regards
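The null-pointer case described in this report, as an added example that is not part of the original report and is neither Wine's nor SWT's code: an unchecked forwarder beside one that validates its pointers at the API boundary. The `mock_storage` type, all function names, and the choice of returned error codes are assumptions; the attached patch itself is not shown on this page.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Minimal stand-ins so the example builds without Windows or Wine headers. */
typedef int32_t HRESULT;
typedef struct { uint32_t Data1; uint16_t Data2, Data3; uint8_t Data4[8]; } GUID;
#define S_OK                 ((HRESULT)0)
#define E_INVALIDARG         ((HRESULT)0x80070057)
#define STG_E_INVALIDPOINTER ((HRESULT)0x80030009)

/* Hypothetical storage object; stands in for the IStorage implementation. */
typedef struct { GUID clsid; int dirty; } mock_storage;

/* Mirrors the faulting frame: copies *clsid without checking the pointer. */
static HRESULT mock_set_class(mock_storage *stg, const GUID *clsid)
{
    memcpy(&stg->clsid, clsid, sizeof(*clsid)); /* NULL clsid: read at 0x0 */
    stg->dirty = 1;
    return S_OK;
}

/* Before: forwards whatever the caller passed, as in the backtrace. */
HRESULT write_class_stg_unchecked(mock_storage *stg, const GUID *rclsid)
{
    return mock_set_class(stg, rclsid);
}

/* After: reject bad pointers up front and leave the storage untouched.
 * The specific error codes returned here are an assumption. */
HRESULT write_class_stg_checked(mock_storage *stg, const GUID *rclsid)
{
    if (!stg) return E_INVALIDARG;
    if (!rclsid) return STG_E_INVALIDPOINTER;
    return mock_set_class(stg, rclsid);
}

/* Replays the JNI wrapper's call shape: a null Java GUID becomes NULL. */
HRESULT call_like_swt(mock_storage *stg, const GUID *java_guid_or_null)
{
    GUID guid, *rclsid1 = NULL;
    if (java_guid_or_null) { guid = *java_guid_or_null; rclsid1 = &guid; }
    return write_class_stg_checked(stg, rclsid1);
}
```

Calling `write_class_stg_unchecked` with a NULL `rclsid` reproduces the read fault at address 0 seen in the backtrace, so only the checked path is safe to exercise with that input.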
Anastasius Focht focht@gmx.net changed:
What |Removed                          |Added
----------------------------------------------------------------------------
URL  |http://www.eclipse.org/downloads |http://www.eclipse.org/downloads/download.php?file=/technology/epp/downloads/release/europa/winter/eclipse-java-europa-winter-win32.zip

--- Comment #1 from Anastasius Focht focht@gmx.net 2008-06-20 11:27:53 ---
Hello,
addendum: also happens with standard Eclipse 3.3.3 "Europa" from
http://www.eclipse.org/downloads/download.php?file=/technology/epp/downloads...
The only difference is that my version doesn't run into this crash first: http://bugs.winehq.org/show_bug.cgi?id=10916 (treeview EN_UPDATE with cleared edit item selection).
Regards
Austin English austinenglish@gmail.com changed:
What     |Removed |Added
----------------------------------------------------------------------------
Keywords |        |download
Rob Shearman robertshearman@gmail.com changed:
What      |Removed |Added
----------------------------------------------------------------------------
Component |ole     |ole32
Austin English austinenglish@gmail.com changed:
What           |Removed     |Added
----------------------------------------------------------------------------
Status         |UNCONFIRMED |NEW
Ever Confirmed |0           |1

--- Comment #2 from Austin English austinenglish@gmail.com 2009-01-12 01:13:47 ---
Still present in git.
Dan Kegel dank@kegel.com changed:
What             |Removed |Added
----------------------------------------------------------------------------
CC               |        |dank@kegel.com
Target Milestone |---     |1.2.0

--- Comment #3 from Dan Kegel dank@kegel.com 2009-01-13 09:22:21 ---
Also affects CityEngine (which is based on Eclipse).
To reproduce: register and download trial from
http://www.procedural.com/purchase/trial.html
Do "winetricks gdiplus" to get past bug 14196.
Either "winetricks dcom98" or the above patch gets past this crash (but dcom98 is a bad idea and crashes not too long thereafter).
Since Eclipse is being used as the basis for more and more apps, and is popular in its own right, and the bug has an easy patch, I'm nominating this for 1.2.
Andrey Turkin andrey.turkin@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |andrey.turkin@gmail.com

--- Comment #4 from Andrey Turkin andrey.turkin@gmail.com 2009-01-15 09:05:00 ---
Should be fixed with current git
Dan Kegel dank@kegel.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |RESOLVED
Resolution |        |FIXED

--- Comment #5 from Dan Kegel dank@kegel.com 2009-01-15 10:06:51 ---
Cityengine gets past this now, thanks!
Alexandre Julliard julliard@winehq.org changed:
What   |Removed  |Added
----------------------------------------------------------------------------
Status |RESOLVED |CLOSED

--- Comment #6 from Alexandre Julliard julliard@winehq.org 2009-01-16 10:38:38 ---
Closing bugs fixed in 1.1.13.
Austin English austinenglish@gmail.com changed:
What    |Removed |Added
----------------------------------------------------------------------------
Version |CVS/GIT |unspecified
Anastasius Focht focht@gmx.net changed:
What          |Removed     |Added
----------------------------------------------------------------------------
Fixed by SHA1 |            |d20ab01ed27e48e44fee8f2cb78a7804e78a26d4
Version       |unspecified |1.0.0

--- Comment #7 from Anastasius Focht focht@gmx.net 2011-10-12 03:47:09 CDT ---
Hello,
filling/correcting fields ...
Regards
Anastasius Focht focht@gmx.net changed:
What |Removed |Added
----------------------------------------------------------------------------
URL  |http://www.eclipse.org/downloads/download.php?file=/technology/epp/downloads/release/europa/winter/eclipse-java-europa-winter-win32.zip |https://web.archive.org/web/20150303033139/http://archive.eclipse.org/technology/epp/downloads/release/europa/winter/eclipse-java-europa-winter-win32.zip

--- Comment #8 from Anastasius Focht focht@gmx.net ---
Hello folks,
adding stable download link via Internet Archive for documentation.
https://web.archive.org/web/20150303033139/http://archive.eclipse.org/techno...
$ sha1sum eclipse-java-europa-winter-win32.zip
9ccc4fb7f9491c0f130eed3b701588c3c1420425  eclipse-java-europa-winter-win32.zip

$ du -sh eclipse-java-europa-winter-win32.zip
80M	eclipse-java-europa-winter-win32.zip

--- snip ---
$ 7z t eclipse-java-europa-winter-win32.zip

Scanning the drive for archives:
1 file, 83191350 bytes (80 MiB)

Testing archive: eclipse-java-europa-winter-win32.zip
--
Path = eclipse-java-europa-winter-win32.zip
Type = zip
Physical Size = 83191350

Everything is Ok

Folders: 118
Files: 796
Size:       92738725
Compressed: 83191350
--- snip ---
Regards