http://bugs.winehq.org/show_bug.cgi?id=23838
--- Comment #8 from Bruno Jesus 00cpxxx@gmail.com 2013-06-02 17:10:48 CDT --- Created attachment 44636 --> http://bugs.winehq.org/attachment.cgi?id=44636 debug patch
Using the attached patch it's possible to see the problem, strl gets negative and this makes the code crash.
trace:edit:EDIT_EM_ReplaceSel L"2013-06-02 22:57:39: Hasher: Finished hashing file: datepicker_events.js\r\n", can_undo 1, send_update 1 trace:edit:EDIT_EM_ReplaceSel notification EN_MAXTEXT sent to hwnd=0x100ee trace:edit:EditWndProc_common hwnd=0x100f6 msg=d5 (EM_GETLIMITTEXT) wparam=0 lparam=0 trace:edit:EditWndProc_common hwnd=0x100f6 msg=d5 (EM_GETLIMITTEXT) -- 0x0000f530 trace:edit:EditWndProc_common hwnd=0x100f6 msg=e (WM_GETTEXTLENGTH) wparam=0 lparam=0 trace:edit:EditWndProc_common hwnd=0x100f6 msg=e (WM_GETTEXTLENGTH) -- 0x0000f530 trace:edit:EditWndProc_common hwnd=0x100f6 msg=c5 (EM_LIMITTEXT) wparam=0 lparam=0 trace:edit:EditWndProc_common hwnd=0x100f6 msg=c5 (EM_LIMITTEXT) -- 0x00000000
trace:edit:EDIT_EM_ReplaceSel es->buffer_limit -1, tl 62768, e 62768, s 62768, old_strl 74, new_strl -62769
trace:edit:EDIT_MakeFit trying to ReAlloc to -1+1 characters trace:edit:EDIT_MakeFit Old 32 bit handle 0x254740a, new handle 0x254740a trace:edit:EDIT_MakeFit We now have -1+1 trace:edit:EDIT_EM_ReplaceSel inserting stuff (tl 62768, strl -62769, selstart 62768 (L""), text (null)) wine: Unhandled page fault on write access to 0xfffffffe at address 0x7eb456ac (thread 0009), starting debugger...