https://bugs.winehq.org/show_bug.cgi?id=47222
Zebediah Figura z.figura12@gmail.com changed:
What      |Removed      |Added
----------------------------------------------------------------------------
Component |-unknown     |mshtml
Product   |Wine-staging |Wine
--- Comment #7 from Zebediah Figura z.figura12@gmail.com ---
The Staging patch that triggers the bug isn't one of the oleaut32 or related patches, and looking at them I would have been surprised. I think it's probably the heap patches. DispCallFunc() reads one past the end of a heap-allocated array func->arg_types. On plain Wine this is garbage, which somehow causes a valid pointer to get passed, but on Staging it's VT_EMPTY, which causes a junk pointer to be passed.
(I'm also not sure why the call stacks are different; the code path taken is the same in both cases.)
I've sent a patch: https://source.winehq.org/patches/data/165046
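The failure mode described in comment #7, as an added illustration that is not Wine's code and not part of the original comment: a read at index `argc` of a heap-allocated type array returns whatever sits past the array, so the result changes with heap contents, while a bounds-checked accessor rejects the index. The struct, the function names and the fill bytes are assumptions; one slack element is allocated on purpose so the demonstration read stays defined.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { VT_EMPTY = 0, VT_I4 = 3, VT_BSTR = 8 };   /* VARTYPE values */

struct func_desc {          /* hypothetical stand-in for the real structure */
    unsigned  argc;
    uint16_t *arg_types;    /* argc valid entries */
};

/* Copy argc types, then fill one slack element with `fill` to model
 * whatever the heap happens to hold just past the array. */
static int make_func(struct func_desc *f, unsigned argc,
                     const uint16_t *types, uint8_t fill)
{
    f->arg_types = malloc((argc + 1) * sizeof(*f->arg_types));
    if (!f->arg_types) return -1;
    memcpy(f->arg_types, types, argc * sizeof(*types));
    memset(&f->arg_types[argc], fill, sizeof(*f->arg_types));
    f->argc = argc;
    return 0;
}

/* Off-by-one read: index argc is one past the last valid entry. */
static uint16_t read_past_end(const struct func_desc *f)
{
    return f->arg_types[f->argc];
}

/* Checked accessor: refuses any index outside [0, argc). */
static int arg_type_checked(const struct func_desc *f, unsigned i, uint16_t *out)
{
    if (i >= f->argc) return -1;
    *out = f->arg_types[i];
    return 0;
}

int main(void)
{
    const uint16_t types[] = { VT_I4, VT_BSTR };   /* constructed sample */
    const uint8_t fills[] = { 0x00, 0xAB };        /* zeroed vs. garbage */
    for (size_t k = 0; k < 2; k++) {
        struct func_desc f;
        uint16_t vt;
        if (make_func(&f, 2, types, fills[k])) return 1;
        printf("fill 0x%02x: past-end type 0x%04x, checked read %d\n", (unsigned)fills[k],
               (unsigned)read_past_end(&f), arg_type_checked(&f, 2, &vt));
        free(f.arg_types);
    }
    return 0;
}
```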