https://bugs.winehq.org/show_bug.cgi?id=52073 Bernhard Übelacker <bernhardu(a)mailbox.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bernhardu(a)mailbox.org --- Comment #1 from Bernhard Übelacker <bernhardu(a)mailbox.org> --- Created attachment 71336 --> https://bugs.winehq.org/attachment.cgi?id=71336 Backtraces from rr of pointer invalidation and the crash. I tried to find out the reason for the crash and guess this is what happens: In function xslt_doc_default_loader a pointer of the stack based variable "xmlParserInputPtr input" is given to bind_url. Later in function import_loader_onDataAvailable this pointer appears as parameter "void *ctxt" which correctly gets casted to "xmlParserInputPtr *input", but in my opinion incorrectly given to xmlNewIOInputStream as parameter "xmlParserCtxtPtr ctxt". In the next call to xmlNewInputStream this xmlParserCtxtPtr is used to increment the input_id member. By accident this input_id member contains the pointer which causes in xmlXPathNodeCollectAndTest the segfault. Attached file contains the backtrace of the pointer invalidation and the crash. This patch just gives a NULL to xmlNewInputStream, because ctxt is really a pointer to xmlParserInputPtr: https://source.winehq.org/patches/data/222347 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.