Hi Zebediah,
This crashes for me in script.c tests. Here is a log (with additional FIXMEs, if I run it with +mshtml, it crashes in HTMLWindow_open instead):
0009:fixme:mshtml:invoke_builtin_function retv 0x90d2d8 {VT_BOOL|VT_BYREF 0x90d2d0} 0009:fixme:mshtml:HTMLElement_removeAttribute (0xc93038)->(L"myattr" 90d2d0 0x7e25db64) wine: Unhandled page fault on write access to 0x7e25db64 at address 0x7cc23e59 (thread 0009), starting debugger... Unhandled exception: page fault on write access to 0x7e25db64 in 32-bit code (0x7cc23e59). 0056:err:dbghelp:pe_load_msc_debug_info -Debug info stripped, but no .DBG file in module L"xul" Register dump: CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b EIP:7cc23e59 ESP:0090d090 EBP:0090d0f8 EFLAGS:00210202( R- -- I - - - ) EAX:7e25db64 EBX:0090d190 ECX:0090d080 EDX:00000001 ESI:00c932f4 EDI:0090d19c Stack dump: 0x0090d090: f7d5e680 00000000 7e25db64 00c93038 0x0090d0a0: 00c93038 00c8f55c 00000008 0090d0c0 0x0090d0b0: 00c6cbe0 00000000 00c93280 00c93038 0x0090d0c0: 00c93280 00c93038 00000000 43c2c400 0x0090d0d0: 00000000 4d430001 00000000 43c2c400 0x0090d0e0: 0090d100 0090d190 0090d178 43c2c400 Backtrace: =>0 0x7cc23e59 remove_attribute+0xc9() [/home/jacek/wine/wine-git/dlls/mshtml/dispex.c:1398] in mshtml (0x0090d0f8) 1 0x7cc4ccfc HTMLElement_removeAttribute+0x1e2(iface=0xc93084, strAttributeName="myattr", pfSuccess=0x7e25db64) [/home/jacek/wine/wine-git/dlls/mshtml/htmlelem.c:960] in mshtml (0x0090d178) 2 0x7e245722 call_method+0x21() in oleaut32 (0x0090d1a8) 3 0x7e25df98 DispCallFunc+0x4b7(pvInstance=<couldn't compute location>, oVft=<couldn't compute location>, cc=<couldn't compute location>, vtReturn=<couldn't compute location>, cActuals=<couldn't compute location>, prgvt=<couldn't compute location>, prgpvarg=<couldn't compute location>, pvargResult=<couldn't compute location>) [/home/jacek/wine/wine-git/dlls/oleaut32/typelib.c:6769] in oleaut32 (0x0090d218) 4 0x7cc23628 invoke_builtin_function+0x7af() [/home/jacek/wine/wine-git/dlls/mshtml/dispex.c:1218] in mshtml (0x0090d468) 5 0x7cc238f7 function_invoke+0x1f5() [/home/jacek/wine/wine-git/dlls/mshtml/dispex.c:1269] in mshtml (0x0090d4f8) 6 0x7cc23bc8 invoke_builtin_prop+0x105() [/home/jacek/wine/wine-git/dlls/mshtml/dispex.c:1343] in mshtml (0x0090d578) 7 0x7cc24b66 DispatchEx_InvokeEx+0x4c9(wFlags=0x3) [/home/jacek/wine/wine-git/dlls/mshtml/dispex.c:1667] in mshtml (0x0090d608) 8 0x7ba8d4d2 disp_call+0x291(flags=<is not available>, argc=<is not available>) [/home/jacek/wine/wine-git/dlls/jscript/../../include/dispex.h:319] in jscript (0x0090d6f8) 9 0x7ba915dc exprval_call+0x7b() in jscript (0x0090d738) 10 0x7ba94d49 interp_call_member+0xb8() [/home/jacek/wine/wine-git/dlls/jscript/engine.c:1210] in jscript (0x0090d778) 11 0x7ba98c22 exec_source+0x571(this_obj=<is not available>) [/home/jacek/wine/wine-git/dlls/jscript/engine.c:2810] in jscript (0x0090d808) 12 0x7ba9d61d invoke_source+0x8c(ctx=0xc6cbe0, function=0xc8f248, this_obj=0xc6bfe4) [/home/jacek/wine/wine-git/dlls/jscript/function.c:259] in jscript (0x0090d878) 13 0x7ba9e799 Function_invoke+0x78(flags=<is not available>) [/home/jacek/wine/wine-git/dlls/jscript/function.c:352] in jscript (0x0090d8d8) 14 0x7ba8cbde invoke_prop_func+0x28d(This=0xc8f248, jsthis=<is not available>, prop=<is not available>, flags=0x1) [/home/jacek/wine/wine-git/dlls/jscript/dispex.c:401] in jscript (0x0090d938) 15 0x7ba8d06d DispatchEx_InvokeEx+0x3ac(iface=<couldn't compute location>, id=<couldn't compute location>, lcid=<couldn't compute location>, wFlags=<couldn't compute location>, pdp=<couldn't compute location>, pvarRes=<couldn't compute location>, pei=<couldn't compute location>, pspCaller=<couldn't compute location>) [/home/jacek/wine/wine-git/dlls/jscript/dispex.c:737] in jscript (0x0090d9e8) 16 0x7cc63e43 call_disp_func+0xa2(disp=<is not available>, dp=0x90dae0, retv=0x90dab0) [/home/jacek/wine/wine-git/dlls/mshtml/../../include/dispex.h:319] in mshtml (0x0090da68) 17 0x7cc6a6cd call_event_handlers+0x1cec(event_target=0xc6bfe4, event=0xc92a38, dispatch_mode=DISPATCH_BOTH) [/home/jacek/wine/wine-git/dlls/mshtml/htmlevent.c:2487] in mshtml (0x0090dce8) 18 0x7cc6afa7 dispatch_event_object+0x1f6(event_target=0xc6bfe4, event=<is not available>, dispatch_mode=DISPATCH_BOTH) [/home/jacek/wine/wine-git/dlls/mshtml/htmlevent.c:2739] in mshtml (0x0090dd68) 19 0x7cc6b698 dispatch_event+0x17() [/home/jacek/wine/wine-git/dlls/mshtml/htmlevent.c:2788] in mshtml (0x0090dd88) 20 0x7cceb1da handle_load+0x109(iface=<couldn't compute location>, event=<couldn't compute location>) [/home/jacek/wine/wine-git/dlls/mshtml/nsevents.c:282] in mshtml (0x0090ddd8) 21 0x6b18a8a9 EntryPoint+0x13494a8() in xul (0x07144904) 22 0x03af69c8 (0x00c723a9) 23 0x6400c723 (0x907cd655) 0x7cc23e59 remove_attribute+0xc9 [/home/jacek/wine/wine-git/dlls/mshtml/dispex.c:1398] in mshtml: movw $0xffff,0x0(%eax) 1398 *success = VARIANT_TRUE;
On 5/19/19 9:40 PM, Zebediah Figura wrote:
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=47222 Signed-off-by: Zebediah Figura z.figura12@gmail.com
dlls/mshtml/dispex.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/dlls/mshtml/dispex.c b/dlls/mshtml/dispex.c index 2033e90872..88a5e5168e 100644 --- a/dlls/mshtml/dispex.c +++ b/dlls/mshtml/dispex.c @@ -1129,6 +1129,7 @@ static HRESULT builtin_propput(DispatchEx *This, func_info_t *func, DISPPARAMS * static HRESULT invoke_builtin_function(DispatchEx *This, func_info_t *func, DISPPARAMS *dp, VARIANT *res, IServiceProvider *caller) { VARIANT arg_buf[MAX_ARGS], *arg_ptrs[MAX_ARGS], *arg, retv, ret_ref, vhres;
- VARTYPE arg_types[MAX_ARGS];
We could probably populate arg_types with return value pointer in add_func_info().
Thanks,
Jacek