http://bugs.winehq.org/show_bug.cgi?id=31627
Bug #: 31627
Summary: iexplore is crashing when opening http://www.battlefieldheroes.com/de/
Product: Wine
Version: 1.5.12
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: minor
Priority: P2
Component: mshtml
AssignedTo: wine-bugs@winehq.org
ReportedBy: bernhardu@vr-web.de
Classification: Unclassified

Created attachment 41589
  --> http://bugs.winehq.org/attachment.cgi?id=41589
avoid iexplore crashing in nsAsyncVerifyRedirectCallback_AsyncOnChannelRedirect calling nsILoadGroup_RemoveRequest
wine iexplore http://www.battlefieldheroes.com/de/
In function nsAsyncVerifyRedirectCallback_AsyncOnChannelRedirect a call to nsILoadGroup_RemoveRequest is done with the first parameter being old_nschannel->load_group.
Before the call, only old_nschannel is validated; therefore the first parameter is a null pointer here.
nsILoadGroup_RemoveRequest is a generated function from nsiface.idl and is not checking this parameter, so now this null pointer is dereferenced.
This was probably introduced in 5fad02d0f16ce74ddc98af5eedb09d8be52435b0. It does not happen with wine-1.5.1 (the release before this commit).
With the attached patch the crash does not happen anymore. Could that patch already be sent to wine-patches?
Jacek Caban jacek@codeweavers.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jacek@codeweavers.com

--- Comment #1 from Jacek Caban jacek@codeweavers.com 2012-09-06 09:03:44 CDT ---
Thanks for the analysis.
(In reply to comment #0)
> With the attached patch the crash does not happen anymore. Could that patch already be sent to wine-patches?
It's close. If old_channel->load_group is NULL we still want to release old_channel, so you need the additional check to be around the RemoveRequest call only.
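
The guard placement discussed in comment #1, shown as an added example that is not part of the bug report, the attached patch or Wine's source. The types and functions (load_group_t, channel_t, remove_request, release, finish_broad, finish_narrow, refs_left) are constructed stand-ins: a NULL check wrapped around the whole cleanup avoids the crash but skips the release, while a check around the remove step alone does both.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for illustration; not Wine's mshtml types. */
typedef struct { int pending; } load_group_t;
typedef struct { int ref; load_group_t *load_group; } channel_t;

/* Like the generated wrapper in the report: no check on its argument. */
static void remove_request(load_group_t *lg) { lg->pending--; }
static void release(channel_t *ch) { ch->ref--; }

/* Guard around the whole cleanup: no crash, but a channel without a
 * load group is never released. */
void finish_broad(channel_t *old)
{
    if (old && old->load_group) {
        remove_request(old->load_group);
        release(old);
    }
}

/* Guard around the RemoveRequest step only, as comment #1 asks. */
void finish_narrow(channel_t *old)
{
    if (!old)
        return;
    if (old->load_group)
        remove_request(old->load_group);
    release(old);
}

/* Run one cleanup variant on a channel holding one reference and
 * return the reference count left behind (0 means released). */
int refs_left(void (*finish)(channel_t *), load_group_t *lg)
{
    channel_t ch = { 1, lg };
    finish(&ch);
    return ch.ref;
}

int main(void)
{
    load_group_t lg = { 1 };
    int left = refs_left(finish_narrow, &lg);
    printf("broad,  no load group: %d\n", refs_left(finish_broad, NULL));
    printf("narrow, no load group: %d\n", refs_left(finish_narrow, NULL));
    printf("narrow, load group:    %d (pending %d)\n", left, lg.pending);
    return 0;
}
```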
Austin English austinenglish@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download, patch
Jacek Caban jacek@codeweavers.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
      Fixed by SHA1|                            |fdb7286a2c61ad1404f14771bf9
                   |                            |c2bd66a716423
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |FIXED

--- Comment #2 from Jacek Caban jacek@codeweavers.com 2012-09-14 11:52:17 CDT ---
The patch is in git:
http://source.winehq.org/git/wine.git/commitdiff/fdb7286a2c61ad1404f14771bf9...
Thanks!
Alexandre Julliard julliard@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Alexandre Julliard julliard@winehq.org 2012-09-14 13:36:47 CDT ---
Closing bugs fixed in 1.5.13.