https://bugs.winehq.org/show_bug.cgi?id=55244
François Gouget fgouget@codeweavers.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|mshtml:misc - The 32-bit    |mshtml:misc -
                   |test_HTMLStorage() crashes  |test_HTMLStorage() crashes
                   |in Wine                     |in Wine

--- Comment #1 from François Gouget fgouget@codeweavers.com ---
The 64-bit test_HTMLStorage() crashes in Wine too:

Unhandled exception: page fault on write access to 0x00007efad9160158 in 64-bit code (0x000001de168190).
Backtrace:
=>0 0x000001de168190 Binding_Abort+0x30(iface=00007EFAD9160040) [/home/fgouget/wine/wt23/src/dlls/urlmon/binding.c:894] in urlmon (0x000002643b39a0)
  1 0x0000026435d47c list_remove(This=<internal error>) [/home/fgouget/wine/wt23/src/include/wine/list.h:100] in mshtml (0x000002643b39a0)
  2 0x0000026435d47c abort_window_bindings+0x6c(window=<register RDI not accessible in this frame>) [/home/fgouget/wine/wt23/src/dlls/mshtml/navigate.c:1998] in mshtml (0x000002643b39a0)
  3 0x00000264348b0a release_outer_window+0x42(This=<internal error>) [/home/fgouget/wine/wt23/src/dlls/mshtml/htmlwindow.c:227] in mshtml (0x000002643b34e0)
  4 0x00000264348b0a HTMLWindow2_Release+0x271(iface=<internal error>) [/home/fgouget/wine/wt23/src/dlls/mshtml/htmlwindow.c:329] in mshtml (0x000002643b34e0)
  5 0x00000264348b0a HTMLWindow2_Release+0x2aa(iface=<register RBX not accessible in this frame>) [/home/fgouget/wine/wt23/src/dlls/mshtml/htmlwindow.c:320] in mshtml (0x000002643b34e0)
  6 0x00000264366565 detach_gecko_browser+0x55(This=<register RBX not accessible in this frame>) [/home/fgouget/wine/wt23/src/dlls/mshtml/nsembed.c:2346] in mshtml (0x000001400be1b8)
  7 0x0000026437c7fa HTMLDocumentObj_Release+0x14b(iface=<internal error>) [/home/fgouget/wine/wt23/src/dlls/mshtml/oleobj.c:3477] in mshtml (0x000001400be1b8)
  8 0x0000026437c7fa HTMLDocumentObj_Release+0x17a(iface=<register RBX not accessible in this frame>) [/home/fgouget/wine/wt23/src/dlls/mshtml/oleobj.c:3439] in mshtml (0x000001400be1b8)
  9 0x00000140068301 in mshtml_test (+0x68301) (0x000001400be1b8)
  10 0x00000140098a9b in mshtml_test (+0x98a9b) (0x0000000024a082)
  11 0x00000140098467 in mshtml_test (+0x98467) (0000000000000000)
  12 0x00000178028a39 BaseThreadInitThunk+0x9(unknown=<internal error>, entry=<internal error>, arg=<internal error>) [/home/fgouget/wine/wt23/src/dlls/kernel32/thread.c:61] in kernel32 (0000000000000000)
  13 0x0000017005cd85 __wine_pop_frame(entry=[<register RSP not accessible in this frame>, arg=[<register RSP not accessible in this frame>) [/home/fgouget/wine/wt23/src/include/wine/exception.h:277] in ntdll (0000000000000000)
  14 0x0000017005cd85 RtlUserThreadStart+0x85(entry=[<register RSP not accessible in this frame>, arg=[<register RSP not accessible in this frame>) [/home/fgouget/wine/wt23/src/dlls/ntdll/thread.c:294] in ntdll (0000000000000000)
0x000001de168190 Binding_Abort+0x30 [/home/fgouget/wine/wt23/src/dlls/urlmon/binding.c:894] in urlmon: orl $0x08, 0x118(%rbx)

This one is not a NULL dereference, but the crash also happens in an IHTMLDocument2_Release(doc) call (the last one), a bisect points to the same commit, and one more readily gets a meaningful backtrace.