https://bugs.winehq.org/show_bug.cgi?id=43374
Bug ID: 43374
Summary: valgrind shows an invalid read in dlls/mshtml/tests/script.c
Product: Wine
Version: 2.12
Hardware: x86
OS: Linux
Status: NEW
Keywords: download, source, testcase, valgrind
Severity: normal
Priority: P2
Component: mshtml
Assignee: wine-bugs@winehq.org
Reporter: austinenglish@gmail.com
Distribution: ---
==28896== Invalid read of size 2
==28896==    at 0x5678C6D: DispCallFunc (typelib.c:6674)
==28896==    by 0x680D479: invoke_builtin_function (dispex.c:1123)
==28896==    by 0x680D763: function_invoke (dispex.c:1174)
==28896==    by 0x680DA11: invoke_builtin_prop (dispex.c:1242)
==28896==    by 0x680E964: DispatchEx_InvokeEx (dispex.c:1533)
==28896==    by 0x16AC9205: IDispatchEx_InvokeEx (dispex.h:318)
==28896==    by 0x16AC9205: disp_call (???:0)
==28896==    by 0x16ACC7DF: exprval_call (engine.c:328)
==28896==    by 0x16ACF402: interp_call_member (engine.c:1213)
==28896==    by 0x16AD482D: enter_bytecode (engine.c:2787)
==28896==    by 0x16AD5533: exec_source (engine.c:3040)
==28896==    by 0x16AD7CF0: invoke_source (function.c:257)
==28896==    by 0x16AD8152: Function_invoke (function.c:350)
==28896==    by 0x16AC69A2: invoke_prop_func (dispex.c:383)
==28896==    by 0x16AC7C70: DispatchEx_InvokeEx (dispex.c:684)
==28896==    by 0x6856620: IDispatchEx_InvokeEx (dispex.h:318)
==28896==    by 0x6856620: call_disp_func (???:0)
==28896==    by 0x6856A51: call_event_handlers (htmlevent.c:961)
==28896==    by 0x685748B: fire_event_obj (htmlevent.c:1095)
==28896==    by 0x6857AC4: fire_event (htmlevent.c:1204)
==28896==    by 0x68CD65F: handle_load (nsevents.c:282)
==28896==    by 0x6B18A8A8: ???
==28896==  Address 0x7869d20 is 0 bytes after a recently re-allocated block of size 0 alloc'd
==28896==    at 0x7BC51061: notify_alloc (heap.c:254)
==28896==    by 0x7BC5554F: RtlAllocateHeap (heap.c:1716)
==28896==    by 0x6809E6F: heap_alloc (mshtml_private.h:1168)
==28896==    by 0x680A6FF: add_func_info (dispex.c:277)
==28896==    by 0x680ABD4: process_interface (dispex.c:354)
==28896==    by 0x680AEE5: preprocess_dispex_data (dispex.c:419)
==28896==    by 0x680F3CA: init_dispex_with_compat_mode (dispex.c:1776)
==28896==    by 0x68E753F: init_dispex (mshtml_private.h:334)
==28896==    by 0x68EA736: OmNavigator_Create (omnavigator.c:1088)
==28896==    by 0x68AA791: HTMLWindow2_get_navigator (htmlwindow.c:920)
==28896==    by 0x4A9EAFF: IHTMLWindow2_get_navigator (mshtml.h:38483)
==28896==    by 0x4A9EAFF: test_script_run (???:0)
==28896==    by 0x4A9F739: ActiveScriptParse_ParseScriptText (script.c:2472)
==28896==    by 0x68FEBE6: IActiveScriptParse32_ParseScriptText (activscp.h:1126)
==28896==    by 0x68FEBE6: parse_elem_text (???:0)
==28896==    by 0x68FF823: parse_inline_script (script.c:1103)
==28896==    by 0x68FFA7A: parse_script_elem (script.c:1142)
==28896==    by 0x69001FF: doc_insert_script (script.c:1285)
==28896==    by 0x68B9905: run_insert_script (mutation.c:349)
==28896==    by 0x68BA1B0: nsRunnable_Run (mutation.c:532)
==28896==    by 0x6A83E0A0: ???
==28896==    by 0x68BAEB0: nsDocumentObserver_AttemptToExecuteScript (mutation.c:817)
==28896==
--- Comment #1 from Austin English austinenglish@gmail.com ---
Still in wine-4.2:
==14046== Invalid read of size 2
==14046==    at 0x55C75D6: DispCallFunc (typelib.c:6721)
==14046==    by 0x700163C: invoke_builtin_function (dispex.c:1135)
==14046==    by 0x7002C37: function_invoke (dispex.c:1186)
==14046==    by 0x7002EB7: invoke_builtin_prop (dispex.c:1260)
==14046==    by 0x700342E: DispatchEx_InvokeEx (dispex.c:1584)
==14046==    by 0x174AF255: IDispatchEx_InvokeEx (dispex.h:319)
==14046==    by 0x174AF255: disp_call (???:0)
==14046==    by 0x174B5D15: exprval_call (engine.c:327)
==14046==    by 0x174B5DC8: interp_call_member (engine.c:1210)
==14046==    by 0x174B6AB4: enter_bytecode (engine.c:2806)
==14046==    by 0x174B850E: exec_source (engine.c:3059)
==14046==    by 0x174BA03D: invoke_source (function.c:259)
==14046==    by 0x174BAF1A: Function_invoke (function.c:352)
==14046==    by 0x174AE9A3: invoke_prop_func (dispex.c:401)
==14046==    by 0x174AEDB9: DispatchEx_InvokeEx (dispex.c:737)
==14046==    by 0x703BE38: IDispatchEx_InvokeEx (dispex.h:319)
==14046==    by 0x703BE38: call_disp_func (???:0)
==14046==    by 0x703C037: call_event_handlers (htmlevent.c:2487)
==14046==    by 0x703CDEC: dispatch_event_object (htmlevent.c:2739)
==14046==    by 0x703D845: dispatch_event (htmlevent.c:2788)
==14046==    by 0x70A7434: handle_load (nsevents.c:283)
==14046==    by 0x6B18A8A8: ???
==14046==  Address 0x49547a8 is 0 bytes after a recently re-allocated block of size 0 alloc'd
==14046==    at 0x7BC48A83: notify_alloc (heap.c:260)
==14046==    by 0x7BC4BFA7: RtlAllocateHeap (heap.c:1726)
==14046==    by 0x6FFF8A6: heap_alloc (heap.h:29)
==14046==    by 0x6FFFA69: add_func_info (dispex.c:284)
==14046==    by 0x6FFFE38: process_interface (dispex.c:364)
==14046==    by 0x700005F: preprocess_dispex_data (dispex.c:431)
==14046==    by 0x70009A6: ensure_dispex_info (dispex.c:1379)
==14046==    by 0x7002984: init_dispex_with_compat_mode (dispex.c:1849)
==14046==    by 0x70BD501: init_dispex (mshtml_private.h:364)
==14046==    by 0x70BE44A: OmNavigator_Create (omnavigator.c:1320)
==14046==    by 0x7091934: HTMLWindow2_get_navigator (htmlwindow.c:917)
==14046==    by 0x4C82AFD: IHTMLWindow2_get_navigator (mshtml.h:45805)
==14046==    by 0x4C82AFD: test_script_run (???:0)
==14046==    by 0x4C8326A: ActiveScriptParse_ParseScriptText (script.c:2476)
==14046==    by 0x70CD007: IActiveScriptParse32_ParseScriptText (activscp.h:1133)
==14046==    by 0x70CD007: parse_elem_text (???:0)
==14046==    by 0x70CD42C: parse_inline_script (script.c:1116)
==14046==    by 0x70CDD97: parse_script_elem (script.c:1155)
==14046==    by 0x70CDE1A: doc_insert_script (script.c:1298)
==14046==    by 0x709903A: run_insert_script (mutation.c:342)
==14046==    by 0x7098AF9: nsRunnable_Run (mutation.c:597)
==14046==    by 0x6A83E0A0: ???