http://bugs.winehq.org/show_bug.cgi?id=31627
Bug #: 31627
Summary: iexplore is crashing when opening http://www.battlefieldheroes.com/de/
Product: Wine
Version: 1.5.12
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: minor
Priority: P2
Component: mshtml
AssignedTo: wine-bugs@winehq.org
ReportedBy: bernhardu@vr-web.de
Classification: Unclassified

Created attachment 41589
  --> http://bugs.winehq.org/attachment.cgi?id=41589
avoid iexplore crashing in nsAsyncVerifyRedirectCallback_AsyncOnChannelRedirect calling nsILoadGroup_RemoveRequest
wine iexplore http://www.battlefieldheroes.com/de/
In function nsAsyncVerifyRedirectCallback_AsyncOnChannelRedirect, a call to nsILoadGroup_RemoveRequest is made with the first parameter being old_nschannel->load_group.
Before the call, only old_nschannel is validated; therefore the first parameter is a null pointer here.
nsILoadGroup_RemoveRequest is a generated function from nsiface.idl and does not check this parameter, so this null pointer is dereferenced.
This was probably introduced in 5fad02d0f16ce74ddc98af5eedb09d8be52435b0. It does not happen with wine-1.5.1 (the release before this commit).
With the attached patch the crash does not happen anymore. Could that patch already be sent to wine-patches?
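
The failure mode described in the report, as an added example (this is neither the attached patch nor Wine's code): a generated-style call macro dereferences its interface pointer unconditionally, so the caller has to validate the member pointer as well as the struct that holds it. All names here (`LoadGroup`, `Channel`, `redirect_remove_request`, `make_load_group`) are simplified, hypothetical stand-ins.

```c
#include <stddef.h>

/* Simplified model of a generated C interface: an object with a vtable pointer. */
typedef struct LoadGroup LoadGroup;
typedef struct {
    int (*RemoveRequest)(LoadGroup *This, void *request, void *ctx, int status);
} LoadGroupVtbl;
struct LoadGroup {
    const LoadGroupVtbl *lpVtbl;
    int removed;                 /* counts completed RemoveRequest calls */
};

/* Generated-style call macro: reads (p)->lpVtbl with no NULL check,
 * so passing a NULL interface pointer crashes inside the macro. */
#define LoadGroup_RemoveRequest(p, a, b, c) (p)->lpVtbl->RemoveRequest(p, a, b, c)

typedef struct {
    LoadGroup *load_group;       /* may be NULL for a channel without a load group */
} Channel;

static int remove_request_impl(LoadGroup *This, void *request, void *ctx, int status)
{
    (void)request; (void)ctx; (void)status;
    This->removed++;
    return 0;
}

static const LoadGroupVtbl load_group_vtbl = { remove_request_impl };

/* Hypothetical helper that initialises a LoadGroup for the example. */
LoadGroup *make_load_group(LoadGroup *lg)
{
    lg->lpVtbl = &load_group_vtbl;
    lg->removed = 0;
    return lg;
}

/* Guarded caller: checking only old_channel is not enough, because the
 * macro dereferences old_channel->load_group itself.
 * Returns 1 if RemoveRequest was called, 0 if the call was skipped. */
int redirect_remove_request(Channel *old_channel, void *request)
{
    if (!old_channel || !old_channel->load_group)
        return 0;
    LoadGroup_RemoveRequest(old_channel->load_group, request, NULL, 0);
    return 1;
}
```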