http://bugs.winehq.org/show_bug.cgi?id=59438

Bug ID: 59438
Summary: jscript crashes
Product: Wine
Version: unspecified
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: jscript
Assignee: wine-bugs@list.winehq.org
Reporter: wine@ivank.me
Distribution: ---

When testing out Wine's jscript implementation I came across a couple of code samples where the engine crashes due to a null pointer dereference. One is an example from compat-table (https://github.com/compat-table/compat-table/blob/8f4179ffb5e7a06a12739400fc...):

```
function testCode() {
  try {
    RegExp.prototype.exec();
    return false;
  } catch (e) {}
  try {
    Date.prototype.valueOf();
    return false;
  } catch (e) {}
  if (![Error, EvalError, RangeError, ReferenceError, SyntaxError, TypeError, URIError].every(function (E) {
    return Object.prototype.toString.call(E.prototype) === '[object Object]';
  })) {
    return false;
  }
  return true;
}
testCode()
```

This crash can be reproduced with wine's cscript.exe. It crashes both when built from git (revision eaea4240c4efb618be6d20c05f7fc9f3db9a104c) and using wine shipped with Debian (version 10.0~repack-6):

```
$ wine cscript.exe Z:/tmp/misc.prototypes-not-instances.js
wine: Unhandled page fault on read access to 00000000 at address 789A1F83 (thread 01e8), starting debugger...
WineDbg attached to pid 01e4
```

Another crash in a tricky String.prototype.replace call:

```
var s6 = "abcdefghij".replace(/(a)(b)(c)(d)(e)(f)(g)(h)(i)(j)/, "$10-$09-$08-$07-$06-$05-$04-$03-$02-$01");
```

The second crash only happens using 64-bit jscript.dll, not the 32-bit build, so it won't reproduce with the default cscript.exe.
I have a custom DLL host and build scripts that build the 64-bit jscript.dll and reproduce this bug:

```
$ git clone https://github.com/ivankra/javascript-zoo.git src && cd src
$ REV=eaea4240c4efb618be6d20c05f7fc9f3db9a104c make -C engines/wine sh
$ wine /dist/wine-dist/jscript64.exe /zoo/conformance/es3/String.prototype.replace.capture.js
wine: Unhandled page fault on read access to FFFFFFFFFFFFFFFF at address 00006FFFFC6BC2C2 (thread 0128), starting debugger...
```
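As an added reference (not part of the bug report or of Wine's code), the following minimal re-implementation of the ECMAScript GetSubstitution rules for `$n` / `$nn` capture references shows what a conforming engine is expected to return for the tricky `replace` call above, which is the value the crashing 64-bit jscript.dll should produce instead of faulting. The helper names `expandTemplate` and `replaceWithCaptures` are this example's own; the `$nn` handling follows the current spec (prefer a two-digit reference, fall back to one digit when it exceeds the capture count, emit `$` literally otherwise).

```javascript
// Expand a replacement template against one regex match, following the
// ECMAScript GetSubstitution rules for $$, $&, $`, $', $n and $nn.
function expandTemplate(template, matched, position, str, captures) {
  const m = captures.length;   // number of capture groups in the match
  let out = "";
  let i = 0;
  while (i < template.length) {
    const ch = template[i];
    if (ch !== "$" || i + 1 >= template.length) { out += ch; i++; continue; }
    const next = template[i + 1];
    if (next === "$") { out += "$"; i += 2; continue; }
    if (next === "&") { out += matched; i += 2; continue; }
    if (next === "`") { out += str.slice(0, position); i += 2; continue; }
    if (next === "'") { out += str.slice(position + matched.length); i += 2; continue; }
    if (next >= "0" && next <= "9") {
      // Two-digit $nn (01..99) wins when it names an existing group ...
      const two = template.slice(i + 1, i + 3);
      if (/^\d\d$/.test(two) && Number(two) >= 1 && Number(two) <= m) {
        const c = captures[Number(two) - 1];
        out += c === undefined ? "" : c;   // undefined capture -> empty string
        i += 3; continue;
      }
      // ... otherwise fall back to single-digit $n (1..9).
      const one = Number(next);
      if (one >= 1 && one <= m) {
        const c = captures[one - 1];
        out += c === undefined ? "" : c;
        i += 2; continue;
      }
    }
    out += "$"; i++;   // no valid reference: the "$" is literal
  }
  return out;
}

// First-match replace built on expandTemplate (no /g handling needed here).
function replaceWithCaptures(str, re, template) {
  const mt = re.exec(str);
  if (mt === null) return str;
  const body = expandTemplate(template, mt[0], mt.index, str, mt.slice(1));
  return str.slice(0, mt.index) + body + str.slice(mt.index + mt[0].length);
}

// The exact input, pattern and template from the bug report.
const REPORT_INPUT = "abcdefghij";
const REPORT_RE = /(a)(b)(c)(d)(e)(f)(g)(h)(i)(j)/;
const REPORT_TEMPLATE = "$10-$09-$08-$07-$06-$05-$04-$03-$02-$01";

// Expected conforming result for the report's call.
function expectedResult() { return replaceWithCaptures(REPORT_INPUT, REPORT_RE, REPORT_TEMPLATE); }
// True when the host engine (e.g. node) agrees with the spec walk-through.
function matchesHostEngine() { return expectedResult() === REPORT_INPUT.replace(REPORT_RE, REPORT_TEMPLATE); }
```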