Hi,

A recent patch by Rob Shearman has caused two Adobe installers to crash when they try to load up a WebBrowser control to display a EULA:

Commit: ccb634fdee50936c35880a6cffd70e0bcd946b5a URL: http://source.winehq.org/git/?p=wine.git;a=commit;h=ccb634fdee50936c35880a6c...

Author: Robert Shearman <rob at codeweavers.com> Date: Thu Aug 31 17:14:38 2006 +0100

ole32: Re-structure OleCreate to match to order of calls that native does.

Get rid of hres1 since all failures are returned. Cleanup pUnk on failure and make sure to return NULL in ppvObj.

We get the following backtrace:

fixme:ole:OleCreate {8856f961-340a-11d0-a96b-00c04fd705a2} {00000112-0000-0000-c000-000000000046} semi-stub! fixme:shdocvw:PersistStorage_InitNew (0x1f62b0)->(0x10013378) wine: Unhandled page fault on read access to 0x00000000 at address 0x100047b0 (thread ... Backtrace: =>1 0x100047b0 in epic_eula (+0x47b0) (0x100047b0) fixme:dbghelp:elf_load_debug_info_from_map Alpha-support for Dwarf2 information for user32<elf> 2 0x7ebcf97a WINPROC_wrapper+0x1a in user32 (0x7ebcf97a) 3 0x7ebd0126 call_dialog_proc+0x66(hwnd=0x10034, msg=0x110, wp=0x0, lp=0x761958, result=0x33bbbc, arg=0x10009010) [/home/jhawkins/wine/dlls/user/winproc.c:473] in user32 (0x7ebd0126) 4 0x7ebd490d WINPROC_CallDlgProcW+0x4d(func=0xffff0020, hwnd=0x10034, msg=0x110, wParam=0x0, lParam=0x761958) [/home/jhawkins/wine/dlls/user/winproc.c:2339] in user32 (0x7ebd490d) 5 0x7eb7118b DefDlgProcW+0x5b(hwnd=0x10034, msg=0x110, wParam=0x0, lParam=0x761958) [/home/jhawkins/wine/dlls/user/defdlg.c:493] in user32 (0x7eb7118b) 6 0x7ebcf97a WINPROC_wrapper+0x1a in user32 (0x7ebcf97a) 7 0x7ebd1956 call_window_proc+0x66(hwnd=0x10034, msg=0x110, wp=0x0, lp=0x761958, result=0x33bcbc, arg=0x7eb71130) [/home/jhawkins/wine/dlls/user/winproc.c:452] in user32 (0x7ebd1956) 8 0x7ebd49fd CallWindowProcW+0x4d(func=0x7eb71130, hwnd=0x10034, msg=0x110, wParam=0x0, lParam=0x761958) [/home/jhawkins/wine/dlls/user/winproc.c:2252] in user32 (0x7ebd49fd) 9 0x7eba3197 call_window_proc+0x127(hwnd=<register not in topmost frame>, msg=0x110, wparam=0x0, lparam=0x761958, unicode=0x1, same_thread=0x1) [/home/jhawkins/wine/dlls/user/message.c:1531] in user32 (0x7eba3197) 10 0x7eba656c SendMessageTimeoutW+0x16c(hwnd=0x10034, msg=0x110, wparam=0x0, lparam=0x761958, flags=0x0, timeout=0x0, res_ptr=0x33bdd4) [/home/jhawkins/wine/dlls/user/message.c:2374] in user32 (0x7eba656c) 11 0x7eba65b7 SendMessageW+0x37(hwnd=0x10034, msg=0x110, wparam=0x0, lparam=0x761958) [/home/jhawkins/wine/dlls/user/message.c:2460] in user32 (0x7eba65b7) 12 0x7eb769a1 DIALOG_CreateIndirect+0xe91(hInst=0x340000, dlgTemplate=<register not in topmost frame>, owner=0x10024, dlgProc=0x10009010, param=0x761958, unicode=0x1, modal=0x1) [/home/jhawkins/wine/dlls/user/dialog.c:637] in user32 (0x7eb769a1) 13 0x7eb7732f DialogBoxParamW+0x5f(hInst=0x340000, name=0x65, owner=0x10024, dlgProc=0x10009010, param=0x761958) [/home/jhawkins/wine/dlls/user/dialog.c:798] in user32 (0x7eb7732f) 14 0x10003114 in epic_eula (+0x3114) (0x10003114) 15 0x100012ea in epic_eula (+0x12ea) (0x100012ea) 16 0x00000000 (0x00000000) 0x100047b0: movl 0x0(%eax),%eax

epic_eula calls OleCreate. OleCreate calls shdocvw:PersistStorage_InitNew which returns E_NOTIMPL. The new version of OleCreate handles the error and sets pUnk to NULL and returns the error value. epic_eula doesn't check the return value for an error or check if pUnk is NULL. When the dialog loads up, epic_eula tries to use pUnk and we crash. Note that Rob's patch is correct and shouldn't be changed. Making PersistStorage_InitNew return S_OK fixes the problem, but I don't know if that is acceptable or not. The real solution is to implement PersistStorage. What are people's thoughts on this? Is it OK to return S_OK for now?

Thanks, James Hawkins