[Bug 34895] New: Internet Chess Club (ICC) Dasher 1.5.x crashes on startup

http://bugs.winehq.org/show_bug.cgi?id=34895

Bug #: 34895 Summary: Internet Chess Club (ICC) Dasher 1.5.x crashes on startup Product: Wine Version: 1.7.6 Platform: x86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: mshtml AssignedTo: wine-bugs@winehq.org ReportedBy: focht@gmx.net Classification: Unclassified

Hello folks,

continuation of bug 34840

Internet Chess Club (ICC) Dasher 1.5.x still crashes on startup.

Looks like some HTMLElement reference counting issue...

--- snip --- 0024:trace:mshtml:DispatchEx_InvokeEx (0x13ac238)->(80010421 800 2 0x33e53c 0x33e5d0 0x33e51c (nil)) 0024:trace:mshtml:HTMLElement_QI (0x13ac238)->(IID_IHTMLElement2 0x33e388) 0024:trace:mshtml:HTMLDOMNode_AddRef (0x13ac238) ref=3 0024:trace:mshtml:HTMLElement2_get_scrollHeight (0x13ac238)->(0x33e380) 0024:trace:mshtml:HTMLElement2_get_scrollHeight *p = 100 0024:trace:mshtml:HTMLDOMNode_Release (0x13ac238) ref=2 0024:trace:mshtml:HTMLDOMNode_Release (0x13ac238) ref=1 0024:trace:mshtml:HTMLWindow2_Release (0x133d458) ref=2 0024:trace:mshtml:CustomDoc_Release (0x1255f08) ref = 3 0024:trace:mshtml:CustomDoc_Release (0x1255f08) ref = 2 0024:trace:mshtml:htmldoc_qi (0x1255f08)->(IID_IDispatch, 0x33e600) 0024:trace:mshtml:CustomDoc_AddRef (0x1255f08) ref = 3 0024:trace:mshtml:htmldoc_qi (0x1255f08)->(IID_IHTMLDocument2, 0x33e5fc) 0024:trace:mshtml:CustomDoc_AddRef (0x1255f08) ref = 4 0024:trace:mshtml:CustomDoc_Release (0x1255f08) ref = 3 0024:trace:mshtml:htmldoc_qi (0x1255f08)->(IID_IHTMLDocument2, 0x33e6a4) 0024:trace:mshtml:CustomDoc_AddRef (0x1255f08) ref = 4 0024:trace:mshtml:HTMLDocument_get_body (0x1255f08)->(0x33e6a0) 0024:trace:mshtml:HTMLDOMNode_AddRef (0x13ac238) ref=2 0024:trace:mshtml:HTMLDOMNode_AddRef (0x13ac238) ref=3 0024:trace:mshtml:HTMLDOMNode_Release (0x13ac238) ref=2 0024:trace:mshtml:HTMLElement_QI (0x13ac238)->(IID_IHTMLElement 0x33e6a0) 0024:trace:mshtml:HTMLDOMNode_AddRef (0x13ac238) ref=3 0024:trace:mshtml:HTMLDOMNode_Release (0x13ac238) ref=2 0024:trace:mshtml:HTMLElement_setAttribute (0x13ac238)->(L"scroll" {VT_BSTR: L"no"} 00000000) 0024:trace:mshtml:DispatchEx_GetDispID (0x13ac238)->(L"scroll" a 0x33e5ac) 0024:trace:mshtml:DispatchEx_InvokeEx (0x13ac238)->(800113d7 800 4 0x33e598 (nil) 0x33e578 (nil)) 0024:trace:mshtml:HTMLBodyElement_QI (0x13ac238)->(IID_IHTMLBodyElement 0x33e3bc) 0024:trace:mshtml:HTMLDOMNode_AddRef (0x13ac238) ref=3 0024:trace:mshtml:HTMLBodyElement_put_scroll (0x13ac238)->(L"no") 0024:trace:mshtml:nsURI_AddRef (0x13610c0) ref=5 0024:trace:mshtml:HTMLDOMNode_AddRef (0x136d898) ref=6 0024:trace:mshtml:HTMLDOMNode_Release (0x136d898) ref=5 0024:trace:mshtml:nsURI_AddRef (0x13610c0) ref=6 0024:trace:mshtml:nsURI_AddRef (0x13610c0) ref=7 0024:trace:mshtml:nsURI_Release (0x13610c0) ref=6 0024:trace:mshtml:nsURI_Release (0x13610c0) ref=5 0024:trace:mshtml:HTMLDOMNode_AddRef (0x136d898) ref=6 0024:trace:mshtml:HTMLDOMNode_Release (0x136d898) ref=5 0024:trace:mshtml:HTMLDOMNode_AddRef (0x136d898) ref=6 0024:trace:mshtml:HTMLDOMNode_Release (0x136d898) ref=5 0024:trace:mshtml:HTMLDOMNode_AddRef (0x136d898) ref=6 0024:trace:mshtml:HTMLDOMNode_Release (0x136d898) ref=5 0024:trace:mshtml:nsURI_Release (0x13610c0) ref=4 0024:trace:mshtml:HTMLDOMNode_Release (0x13ac238) ref=2 0024:trace:mshtml:CustomDoc_Release (0x1255f08) ref = 3 0024:trace:mshtml:HTMLDOMNode_Release (0x13ac238) ref=1 0024:trace:mshtml:HTMLDOMNode_Release (0x13ac238) ref=0 0024:trace:mshtml:HTMLDOMNode_Release (0x136d898) ref=4 0024:trace:mshtml:CustomDoc_Release (0x1255f08) ref = 2 0024:trace:mshtml:htmldoc_qi (0x1255f08)->(IID_IDispatch, 0x33e620) 0024:trace:mshtml:CustomDoc_AddRef (0x1255f08) ref = 3 0024:trace:mshtml:htmldoc_qi (0x1255f08)->(IID_IHTMLDocument2, 0x33e61c) 0024:trace:mshtml:CustomDoc_AddRef (0x1255f08) ref = 4 0024:trace:mshtml:CustomDoc_Release (0x1255f08) ref = 3 0024:trace:mshtml:htmldoc_qi (0x1255f08)->(IID_IHTMLDocument2, 0x33e6a4) 0024:trace:mshtml:CustomDoc_AddRef (0x1255f08) ref = 4 0024:trace:mshtml:HTMLDocument_get_title (0x1255f08)->(0x33e698) 0024:trace:mshtml:CustomDoc_Release (0x1255f08) ref = 3 0024:trace:mshtml:CustomDoc_Release (0x1255f08) ref = 2 0024:trace:seh:raise_exception code=c0000005 flags=0 addr=(nil) ip=00000000 tid=0024 0024:trace:seh:raise_exception info[0]=00000000 0024:trace:seh:raise_exception info[1]=00000000 0024:trace:seh:raise_exception eax=013ac248 ebx=7c738000 ecx=ffffff80 edx=05000002 esi=0033ead0 edi=013ecdd0 0024:trace:seh:raise_exception ebp=0033e998 esp=0033e97c cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010206 0024:trace:seh:call_stack_handlers calling handler at 0x78889b code=c0000005 flags=0 0024:trace:seh:call_stack_handlers handler at 0x78889b returned 1 0024:trace:seh:call_stack_handlers calling handler at 0x73c3f0 code=c0000005 flags=0 --- snip ---

-> HTMLDOMNode_Release (0x13ac238) ref=0

The exception frames are not really useful. It seems a vtable method is called on freed memory. An event gets fired (while still in document load?) that leads to node dereferenced that doesn't exist anymore.

Interestingly the browser window is located out of place at top left corner with seemingly desktop as parent? Additionally the MDI app duplicates Wine's sysmenu/window decoration as if run maximized in virtual desktop mode.

Regards