https://bugs.winehq.org/show_bug.cgi?id=52073
Bernhard Übelacker bernhardu@mailbox.org changed:
What                |Removed        |Added
----------------------------------------------------------------------------
CC                  |               |bernhardu@mailbox.org
--- Comment #1 from Bernhard Übelacker bernhardu@mailbox.org ---
Created attachment 71336 --> https://bugs.winehq.org/attachment.cgi?id=71336
Backtraces from rr of pointer invalidation and the crash.
I tried to find out the reason for the crash and guess this is what happens:
In function xslt_doc_default_loader a pointer to the stack-based variable "xmlParserInputPtr input" is given to bind_url.
Later, in function import_loader_onDataAvailable, this pointer appears as the parameter "void *ctxt", which correctly gets cast to "xmlParserInputPtr *input" but, in my opinion, is incorrectly given to xmlNewIOInputStream as the parameter "xmlParserCtxtPtr ctxt".
In the next call to xmlNewInputStream this xmlParserCtxtPtr is used to increment the input_id member.
By accident, this input_id member contains the pointer which causes the segfault in xmlXPathNodeCollectAndTest.
Attached file contains the backtrace of the pointer invalidation and the crash.
This patch just gives a NULL to xmlNewInputStream, because ctxt is really a pointer to xmlParserInputPtr: https://source.winehq.org/patches/data/222347
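The following is an added illustration of the type confusion described in the comment above; it is not code from the bug report, from Wine or from libxml2. The struct types (mock_input, mock_ctxt, mock_node), the stack frame model (struct frame) and the callback names are hypothetical, reduced stand-ins chosen so that the slot next to the stack-based input pointer lands exactly at the offset of input_id. The mock of xmlNewInputStream keeps the one property that matters: it post-increments ctxt->input_id only when ctxt is non-NULL, which is why passing NULL instead of the mis-cast pointer is a safe fix.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Hypothetical, reduced stand-ins for libxml2's xmlParserInput and
 * xmlParserCtxt. Only two facts are modelled: the types are unrelated,
 * and xmlNewInputStream writes ctxt->input_id when given a context.
 */
typedef struct mock_input {
    const char *filename;
    int id;
} mock_input, *mock_input_ptr;

typedef struct mock_ctxt {
    void *sax;       /* offset 0 */
    void *user_data; /* offset 4 (ILP32) or 8 (LP64) */
    int input_id;    /* the member xmlNewInputStream post-increments */
} mock_ctxt, *mock_ctxt_ptr;

/* A node that XPath evaluation would later dereference. */
typedef struct mock_node { int type; const char *name; } mock_node;

/*
 * Mock of xmlNewInputStream(ctxt). Like libxml2 it only touches ctxt when
 * ctxt is non-NULL. noinline keeps the compiler from assuming the write
 * cannot reach the caller's frame (the address escaped, so it must not).
 */
#if defined(__GNUC__)
__attribute__((noinline))
#endif
static mock_input_ptr mock_new_input_stream(mock_ctxt_ptr ctxt)
{
    mock_input_ptr in = calloc(1, sizeof *in);
    if (in == NULL)
        return NULL;
    if (ctxt != NULL)
        in->id = ctxt->input_id++;  /* 4-byte write at offsetof(mock_ctxt, input_id) */
    return in;
}

/*
 * The caller's stack frame, modelled as a struct so the layout is defined
 * (a real frame layout is up to the compiler; this is a constructed case).
 * "input" is the local whose address is handed out as the opaque ctxt;
 * "node" is a neighbouring slot that sits at the offset input_id has in
 * mock_ctxt, so the mis-cast write lands on it.
 */
struct frame {
    mock_input_ptr input;
    void *unrelated;
    mock_node *node;
};
_Static_assert(offsetof(struct frame, node) == offsetof(mock_ctxt, input_id),
               "frame layout chosen so that node overlaps input_id");

/* Bug: ctxt really is a mock_input_ptr *, yet it is also passed on as a ctxt. */
static void buggy_on_data_available(void *ctxt)
{
    mock_input_ptr *input = ctxt;
    *input = mock_new_input_stream((mock_ctxt_ptr)ctxt);
}

/* Fix: use ctxt only as what it is, and pass NULL where a parser ctxt is wanted. */
static void fixed_on_data_available(void *ctxt)
{
    mock_input_ptr *input = ctxt;
    *input = mock_new_input_stream(NULL);
}

/* Runs one callback against a fresh frame; returns 1 if the node pointer survived. */
static int node_pointer_intact(void (*cb)(void *))
{
    static mock_node sentinel = { 1, "element" };
    struct frame f = { NULL, NULL, &sentinel };
    int intact;

    cb(&f.input);                 /* same call shape as bind_url's callback */
    intact = (f.node == &sentinel);
    free(f.input);
    return intact;
}

int demo_buggy(void) { return node_pointer_intact(buggy_on_data_available); }
int demo_fixed(void) { return node_pointer_intact(fixed_on_data_available); }

int main(void)
{
    printf("buggy callback: node pointer intact = %d\n", demo_buggy());
    printf("fixed callback: node pointer intact = %d\n", demo_fixed());
    return 0;
}
```

With the buggy callback the post-increment changes the bytes of the neighbouring node pointer (the real-world analogue of the corrupted pointer later dereferenced in xmlXPathNodeCollectAndTest); with the fixed callback the frame is untouched. The general lesson is the one the comment draws: an opaque "void *ctxt" must be cast to exactly one type, and any API that wants a different type gets NULL or a genuine object of that type, never the same pointer.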