[Bug 31627] New: iexplore is crashing when opening http://www.battlefieldheroes.com/de/

wine-bugs at winehq.org wine-bugs at winehq.org
Thu Sep 6 08:57:49 CDT 2012


http://bugs.winehq.org/show_bug.cgi?id=31627

             Bug #: 31627
           Summary: iexplore is crashing when opening
                    http://www.battlefieldheroes.com/de/
           Product: Wine
           Version: 1.5.12
          Platform: x86
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: minor
          Priority: P2
         Component: mshtml
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: bernhardu at vr-web.de
    Classification: Unclassified


Created attachment 41589
  --> http://bugs.winehq.org/attachment.cgi?id=41589
avoid iexplore crashing in nsAsyncVerifyRedirectCallback_AsyncOnChannelRedirect
calling nsILoadGroup_RemoveRequest

wine iexplore http://www.battlefieldheroes.com/de/

In function nsAsyncVerifyRedirectCallback_AsyncOnChannelRedirect a call
to nsILoadGroup_RemoveRequest is done with the first parameter
being old_nschannel->load_group.

Before the call only old_nschannel is validated therefore the first
parameter is here a null pointer.

nsILoadGroup_RemoveRequest is a generated function from nsiface.idl and
is not checking this parameter now this null pointer is dereferenced.

This was probably introduced in 5fad02d0f16ce74ddc98af5eedb09d8be52435b0.
It does not happen with wine-1.5.1 (the release before this commit).

With attached patch the crash does not happen anymore.
Could that patch already be sent to wine-patches?

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.



More information about the wine-bugs mailing list