https://bugs.winehq.org/show_bug.cgi?id=51131
Bug ID: 51131 Summary: The 64-bit msxml3:domdoc crashes on Windows Product: Wine Version: unspecified Hardware: x86-64 OS: Windows Status: NEW Severity: normal Priority: P2 Component: msxml3 Assignee: wine-bugs@winehq.org Reporter: fgouget@codeweavers.com
The 64-bit msxml3:domdoc crashes on all Windows versions:
https://test.winehq.org/data/patterns.html#msxml3:domdoc
msxml3:domdoc:1490 done (-1073740940) in 0s
A bisect confirms that the crash is caused by the following commit:
commit a0dd105c655898de087c1e58fcc5a5cae6e191df Author: Dmitry Timoshkov dmitry@baikal.ru Date: Tue Apr 27 12:29:42 2021 +0300
msxml3/tests: Add more tests for processing instruction attributes.
Signed-off-by: Dmitry Timoshkov dmitry@baikal.ru Signed-off-by: Nikolay Sivov nsivov@codeweavers.com Signed-off-by: Alexandre Julliard julliard@winehq.org
https://bugs.winehq.org/show_bug.cgi?id=51131
François Gouget fgouget@codeweavers.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Regression SHA1| |a0dd105c655898de087c1e58fcc | |5a5cae6e191df Keywords| |source, testcase
https://bugs.winehq.org/show_bug.cgi?id=51131
Dmitry Timoshkov dmitry@baikal.ru changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |regression Version|unspecified |6.8
https://bugs.winehq.org/show_bug.cgi?id=51131
--- Comment #1 from Dmitry Timoshkov dmitry@baikal.ru --- It looks like simply calling IXMLDOMNamedNodeMap_getNamedItem(node_map, _bstr_("anything"), &item); is guaranteed to cause heap corruption in the 64-bit test under testbot VMs. It doesn't matter what's that "anything": bogus attribute or real thing like "encoding".
Also, I couldn't reproduce this when building locally 32-bit or 64-bit domdoc tests using Windows 10 PSDK with Visual Studio 14.0 and 64-bit Windows 10 20H2 on a real hardware, there's no crashes or heap corruption on exit.
That might be a bug in 64-bit msxml3.dll that was fixed in one of updates, or this might be related to a way testbot builds 64-bit tests. Currently I have no other insights on the problem.
https://bugs.winehq.org/show_bug.cgi?id=51131
--- Comment #2 from Dmitry Timoshkov dmitry@baikal.ru --- (In reply to Dmitry Timoshkov from comment #1)
It looks like simply calling IXMLDOMNamedNodeMap_getNamedItem(node_map, _bstr_("anything"), &item); is guaranteed to cause heap corruption in the 64-bit test under testbot VMs. It doesn't matter what's that "anything": bogus attribute or real thing like "encoding".
Also, I couldn't reproduce this when building locally 32-bit or 64-bit domdoc tests using Windows 10 PSDK with Visual Studio 14.0 and 64-bit Windows 10 20H2 on a real hardware, there's no crashes or heap corruption on exit.
That might be a bug in 64-bit msxml3.dll that was fixed in one of updates, or this might be related to a way testbot builds 64-bit tests. Currently I have no other insights on the problem.
While further investigating this and playing with the tests I've found that moving test_ProcessingInstarution() before all other tests helps to avoid the crashes. Since I don't see anything wrong with the tests, and I didn't find another ways to avoid crashes, probably that's what I'll stick with for now.
https://bugs.winehq.org/show_bug.cgi?id=51131
Dmitry Timoshkov dmitry@baikal.ru changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED Fixed by SHA1| |d7ce5bddf9ba7b5f617ad352e36 | |2f278e03d8ee6
--- Comment #3 from Dmitry Timoshkov dmitry@baikal.ru --- Should be fixed by d7ce5bddf9ba7b5f617ad352e362f278e03d8ee6.
François, could you please double check?
https://bugs.winehq.org/show_bug.cgi?id=51131
--- Comment #4 from François Gouget fgouget@codeweavers.com --- This looks fixed. msxml3:domdoc is already in the old failures list on the patterns page.
https://bugs.winehq.org/show_bug.cgi?id=51131
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #5 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 6.9.
-
WineHQ Bugzilla