[Bug 29861] New: MiPony crashes after startup with null pointer access in fire_event

[wine-bugs at winehq.org]

http://bugs.winehq.org/show_bug.cgi?id=29861

             Bug #: 29861
           Summary: MiPony crashes after startup with null pointer access
                    in fire_event
           Product: Wine
           Version: 1.4-rc2
          Platform: x86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mshtml
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: dank at kegel.com
    Classification: Unclassified


To reproduce:
 rm -rf ~/.wine
 winetricks dotnet20
 wine Mipony-Installer.exe
 Either 'winetricks gdiplus' or use patch in bug 23759 to get past gdiplus
crash
 cd "$HOME/.wine/drive_c/Program Files/MiPony"
 wine MiPony.exe

Log:
Unhandled exception: page fault on read access to 0x00000068 in 32-bit code
Backtrace:
=>0 fire_event+0x9e(doc=0x8a1cf00, eid=EVENTID_READYSTATECHANGE, set_event=0x1,
target=0x89caaa0, nsevent=(nil)) [dlls/mshtml/htmlevent.c:985] 
  1 set_ready_state+0xb4(window=0x8b411e8, readystate=READYSTATE_LOADING)
[dlls/mshtml/persist.c:416] 

The obvious superficial patch
--- a/dlls/mshtml/htmlevent.c
+++ b/dlls/mshtml/htmlevent.c
@@ -982,7 +982,8 @@ void fire_event(HTMLDocumentNode *doc, eventid_t eid, BOOL
s

     TRACE("(%p) %s\n", doc, debugstr_w(event_info[eid].name));

-    prev_event = doc->basedoc.window->event;
+    prev_event = NULL;
+    if (doc->basedoc.window) prev_event = doc->basedoc.window->event;

makes the problem seem to go away.  The app then lets you play with its menus
and seems to behave (though it still crashes on quit).

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.