[Bug 34895] New: Internet Chess Club (ICC) Dasher 1.5.x crashes on startup

wine-bugs at winehq.org wine-bugs at winehq.org
Mon Nov 11 17:13:53 CST 2013 

http://bugs.winehq.org/show_bug.cgi?id=34895

             Bug #: 34895
           Summary: Internet Chess Club (ICC) Dasher 1.5.x crashes on
                    startup
           Product: Wine
           Version: 1.7.6
          Platform: x86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mshtml
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: focht at gmx.net
    Classification: Unclassified


Hello folks,

continuation of bug 34840

Internet Chess Club (ICC) Dasher 1.5.x still crashes on startup.

Looks like some HTMLElement reference counting issue...

--- snip ---
0024:trace:mshtml:DispatchEx_InvokeEx (0x13ac238)->(80010421 800 2 0x33e53c
0x33e5d0 0x33e51c (nil))
0024:trace:mshtml:HTMLElement_QI (0x13ac238)->(IID_IHTMLElement2 0x33e388)
0024:trace:mshtml:HTMLDOMNode_AddRef (0x13ac238) ref=3
0024:trace:mshtml:HTMLElement2_get_scrollHeight (0x13ac238)->(0x33e380)
0024:trace:mshtml:HTMLElement2_get_scrollHeight *p = 100
0024:trace:mshtml:HTMLDOMNode_Release (0x13ac238) ref=2
0024:trace:mshtml:HTMLDOMNode_Release (0x13ac238) ref=1
0024:trace:mshtml:HTMLWindow2_Release (0x133d458) ref=2
0024:trace:mshtml:CustomDoc_Release (0x1255f08) ref = 3
0024:trace:mshtml:CustomDoc_Release (0x1255f08) ref = 2
0024:trace:mshtml:htmldoc_qi (0x1255f08)->(IID_IDispatch, 0x33e600)
0024:trace:mshtml:CustomDoc_AddRef (0x1255f08) ref = 3
0024:trace:mshtml:htmldoc_qi (0x1255f08)->(IID_IHTMLDocument2, 0x33e5fc)
0024:trace:mshtml:CustomDoc_AddRef (0x1255f08) ref = 4
0024:trace:mshtml:CustomDoc_Release (0x1255f08) ref = 3
0024:trace:mshtml:htmldoc_qi (0x1255f08)->(IID_IHTMLDocument2, 0x33e6a4)
0024:trace:mshtml:CustomDoc_AddRef (0x1255f08) ref = 4
0024:trace:mshtml:HTMLDocument_get_body (0x1255f08)->(0x33e6a0)
0024:trace:mshtml:HTMLDOMNode_AddRef (0x13ac238) ref=2
0024:trace:mshtml:HTMLDOMNode_AddRef (0x13ac238) ref=3
0024:trace:mshtml:HTMLDOMNode_Release (0x13ac238) ref=2
0024:trace:mshtml:HTMLElement_QI (0x13ac238)->(IID_IHTMLElement 0x33e6a0)
0024:trace:mshtml:HTMLDOMNode_AddRef (0x13ac238) ref=3
0024:trace:mshtml:HTMLDOMNode_Release (0x13ac238) ref=2
0024:trace:mshtml:HTMLElement_setAttribute (0x13ac238)->(L"scroll" {VT_BSTR:
L"no"} 00000000)
0024:trace:mshtml:DispatchEx_GetDispID (0x13ac238)->(L"scroll" a 0x33e5ac)
0024:trace:mshtml:DispatchEx_InvokeEx (0x13ac238)->(800113d7 800 4 0x33e598
(nil) 0x33e578 (nil))
0024:trace:mshtml:HTMLBodyElement_QI (0x13ac238)->(IID_IHTMLBodyElement
0x33e3bc)
0024:trace:mshtml:HTMLDOMNode_AddRef (0x13ac238) ref=3
0024:trace:mshtml:HTMLBodyElement_put_scroll (0x13ac238)->(L"no")
0024:trace:mshtml:nsURI_AddRef (0x13610c0) ref=5
0024:trace:mshtml:HTMLDOMNode_AddRef (0x136d898) ref=6
0024:trace:mshtml:HTMLDOMNode_Release (0x136d898) ref=5
0024:trace:mshtml:nsURI_AddRef (0x13610c0) ref=6
0024:trace:mshtml:nsURI_AddRef (0x13610c0) ref=7
0024:trace:mshtml:nsURI_Release (0x13610c0) ref=6
0024:trace:mshtml:nsURI_Release (0x13610c0) ref=5
0024:trace:mshtml:HTMLDOMNode_AddRef (0x136d898) ref=6
0024:trace:mshtml:HTMLDOMNode_Release (0x136d898) ref=5
0024:trace:mshtml:HTMLDOMNode_AddRef (0x136d898) ref=6
0024:trace:mshtml:HTMLDOMNode_Release (0x136d898) ref=5
0024:trace:mshtml:HTMLDOMNode_AddRef (0x136d898) ref=6
0024:trace:mshtml:HTMLDOMNode_Release (0x136d898) ref=5
0024:trace:mshtml:nsURI_Release (0x13610c0) ref=4
0024:trace:mshtml:HTMLDOMNode_Release (0x13ac238) ref=2
0024:trace:mshtml:CustomDoc_Release (0x1255f08) ref = 3
0024:trace:mshtml:HTMLDOMNode_Release (0x13ac238) ref=1
0024:trace:mshtml:HTMLDOMNode_Release (0x13ac238) ref=0
0024:trace:mshtml:HTMLDOMNode_Release (0x136d898) ref=4
0024:trace:mshtml:CustomDoc_Release (0x1255f08) ref = 2
0024:trace:mshtml:htmldoc_qi (0x1255f08)->(IID_IDispatch, 0x33e620)
0024:trace:mshtml:CustomDoc_AddRef (0x1255f08) ref = 3
0024:trace:mshtml:htmldoc_qi (0x1255f08)->(IID_IHTMLDocument2, 0x33e61c)
0024:trace:mshtml:CustomDoc_AddRef (0x1255f08) ref = 4
0024:trace:mshtml:CustomDoc_Release (0x1255f08) ref = 3
0024:trace:mshtml:htmldoc_qi (0x1255f08)->(IID_IHTMLDocument2, 0x33e6a4)
0024:trace:mshtml:CustomDoc_AddRef (0x1255f08) ref = 4
0024:trace:mshtml:HTMLDocument_get_title (0x1255f08)->(0x33e698)
0024:trace:mshtml:CustomDoc_Release (0x1255f08) ref = 3
0024:trace:mshtml:CustomDoc_Release (0x1255f08) ref = 2
0024:trace:seh:raise_exception code=c0000005 flags=0 addr=(nil) ip=00000000
tid=0024
0024:trace:seh:raise_exception  info[0]=00000000
0024:trace:seh:raise_exception  info[1]=00000000
0024:trace:seh:raise_exception  eax=013ac248 ebx=7c738000 ecx=ffffff80
edx=05000002 esi=0033ead0 edi=013ecdd0
0024:trace:seh:raise_exception  ebp=0033e998 esp=0033e97c cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010206
0024:trace:seh:call_stack_handlers calling handler at 0x78889b code=c0000005
flags=0
0024:trace:seh:call_stack_handlers handler at 0x78889b returned 1
0024:trace:seh:call_stack_handlers calling handler at 0x73c3f0 code=c0000005
flags=0 
--- snip ---

-> HTMLDOMNode_Release (0x13ac238) ref=0

The exception frames are not really useful.
It seems a vtable method is called on freed memory.
An event gets fired (while still in document load?) that leads to node
dereferenced that doesn't exist anymore.

Interestingly the browser window is located out of place at top left corner
with seemingly desktop as parent?
Additionally the MDI app duplicates Wine's sysmenu/window decoration as if run
maximized in virtual desktop mode.

Regards

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list