[Bug 51131] New: The 64-bit msxml3:domdoc crashes on Windows
https://bugs.winehq.org/show_bug.cgi?id=51131 Bug ID: 51131 Summary: The 64-bit msxml3:domdoc crashes on Windows Product: Wine Version: unspecified Hardware: x86-64 OS: Windows Status: NEW Severity: normal Priority: P2 Component: msxml3 Assignee: wine-bugs(a)winehq.org Reporter: fgouget(a)codeweavers.com The 64-bit msxml3:domdoc crashes on all Windows versions: https://test.winehq.org/data/patterns.html#msxml3:domdoc msxml3:domdoc:1490 done (-1073740940) in 0s A bisect confirms that the crash is caused by the following commit: commit a0dd105c655898de087c1e58fcc5a5cae6e191df Author: Dmitry Timoshkov <dmitry(a)baikal.ru> Date: Tue Apr 27 12:29:42 2021 +0300 msxml3/tests: Add more tests for processing instruction attributes. Signed-off-by: Dmitry Timoshkov <dmitry(a)baikal.ru> Signed-off-by: Nikolay Sivov <nsivov(a)codeweavers.com> Signed-off-by: Alexandre Julliard <julliard(a)winehq.org> -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=51131 François Gouget <fgouget(a)codeweavers.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Regression SHA1| |a0dd105c655898de087c1e58fcc | |5a5cae6e191df Keywords| |source, testcase -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=51131 Dmitry Timoshkov <dmitry(a)baikal.ru> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |regression Version|unspecified |6.8 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=51131 --- Comment #1 from Dmitry Timoshkov <dmitry(a)baikal.ru> --- It looks like simply calling IXMLDOMNamedNodeMap_getNamedItem(node_map, _bstr_("anything"), &item); is guaranteed to cause heap corruption in the 64-bit test under testbot VMs. It doesn't matter what's that "anything": bogus attribute or real thing like "encoding". Also, I couldn't reproduce this when building locally 32-bit or 64-bit domdoc tests using Windows 10 PSDK with Visual Studio 14.0 and 64-bit Windows 10 20H2 on a real hardware, there's no crashes or heap corruption on exit. That might be a bug in 64-bit msxml3.dll that was fixed in one of updates, or this might be related to a way testbot builds 64-bit tests. Currently I have no other insights on the problem. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=51131 --- Comment #2 from Dmitry Timoshkov <dmitry(a)baikal.ru> --- (In reply to Dmitry Timoshkov from comment #1)
It looks like simply calling IXMLDOMNamedNodeMap_getNamedItem(node_map, _bstr_("anything"), &item); is guaranteed to cause heap corruption in the 64-bit test under testbot VMs. It doesn't matter what's that "anything": bogus attribute or real thing like "encoding".
Also, I couldn't reproduce this when building locally 32-bit or 64-bit domdoc tests using Windows 10 PSDK with Visual Studio 14.0 and 64-bit Windows 10 20H2 on a real hardware, there's no crashes or heap corruption on exit.
That might be a bug in 64-bit msxml3.dll that was fixed in one of updates, or this might be related to a way testbot builds 64-bit tests. Currently I have no other insights on the problem.
While further investigating this and playing with the tests I've found that moving test_ProcessingInstarution() before all other tests helps to avoid the crashes. Since I don't see anything wrong with the tests, and I didn't find another ways to avoid crashes, probably that's what I'll stick with for now. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=51131 Dmitry Timoshkov <dmitry(a)baikal.ru> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED Fixed by SHA1| |d7ce5bddf9ba7b5f617ad352e36 | |2f278e03d8ee6 --- Comment #3 from Dmitry Timoshkov <dmitry(a)baikal.ru> --- Should be fixed by d7ce5bddf9ba7b5f617ad352e362f278e03d8ee6. François, could you please double check? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=51131 --- Comment #4 from François Gouget <fgouget(a)codeweavers.com> --- This looks fixed. msxml3:domdoc is already in the old failures list on the patterns page. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=51131 Alexandre Julliard <julliard(a)winehq.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #5 from Alexandre Julliard <julliard(a)winehq.org> --- Closing bugs fixed in 6.9. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
participants (1)
-
WineHQ Bugzilla