[Bug 39028] Built-in iexplore crashes when opening forum/blog entries on hup.hu (crash in get_frame_by_name("yterr")

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Aug 9 01:26:15 CDT 2015


https://bugs.winehq.org/show_bug.cgi?id=39028

Indrek <efbiaiinzinz at hotmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |efbiaiinzinz at hotmail.com

--- Comment #1 from Indrek <efbiaiinzinz at hotmail.com> ---
After some digging, it seems that the issue/feature lies within the Gecko
codebase.

Wine code on line 380 in mshtml/htmlwindow.c is:
    nsres = nsIDOMWindow_GetFrames(This->nswindow, &nsframes);
    if(NS_FAILED(nsres)) {
        FIXME("nsIDOMWindow_GetFrames failed: 0x%08x\n", nsres);
        return E_FAIL;
    }

When viewing Gecko source code from
https://github.com/mozilla/gecko-dev/blob/b6ea902b969546b6ae6c2d43e68b193bfb48716e/dom/base/nsGlobalWindow.cpp
on line 4129 the source of that function is:
NS_IMETHODIMP
nsGlobalWindow::GetFrames(nsIDOMWindowCollection** aFrames)
{
  FORWARD_TO_OUTER(GetFrames, (aFrames), NS_ERROR_NOT_INITIALIZED);

  *aFrames = GetWindowList();
  NS_IF_ADDREF(*aFrames);
  return NS_OK;
}

The definition of GetWindowList is in the same file (right before GetFrames):
nsDOMWindowList*
nsGlobalWindow::GetWindowList()
{
  MOZ_ASSERT(IsOuterWindow());

  if (!mFrames && mDocShell) {
    mFrames = new nsDOMWindowList(mDocShell);
  }

  return mFrames;
}

So as seen, there exists a chance that when mDocShell is NULL, GetWindowList
will also return NULL (it will not return any error codes).

When viewing the same file for usage of GetWindowList() there seem to be NULL
checks for it in Gecko source:
void
nsGlobalWindow::GetSupportedNames(nsTArray<nsString>& aNames)
{
  FORWARD_TO_OUTER_VOID(GetSupportedNames, (aNames));

  nsDOMWindowList* windows = GetWindowList();
  if (windows) {
...


  nsDOMWindowList* windows = GetWindowList();
  NS_ENSURE_TRUE(windows, nullptr);
...


So all of it put together, to behave more like Gecko in this manner, Wine
should also check for NULL nsframes.

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
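
Added example, not Wine or Gecko code: a simplified C model of the pattern described in the comment above, where a getter reports success but leaves its out pointer NULL, and a caller that checks both the status and the pointer. All names (`model_get_frames`, `find_frame_checked`, the `MODEL_*` codes) are hypothetical, and returning "not found" for a missing list is an assumption.

```c
/* Added illustration: a simplified model, not Wine or Gecko source. */
#include <stddef.h>
#include <string.h>

#define MODEL_OK         0   /* stand-in for NS_OK */
#define MODEL_NOT_FOUND (-1) /* assumed result when there is no frame list */
#define MODEL_FAIL      (-2) /* stand-in for the E_FAIL path */

struct frame_list { size_t count; const char **names; };
struct window { const void *doc_shell; struct frame_list *frames; };

/* Same shape as GetFrames()/GetWindowList() quoted above: the status is
 * always success, and *out stays NULL when the window has no doc shell. */
int model_get_frames(struct window *w, struct frame_list **out)
{
    static const char *names[] = { "main", "yterr" };  /* constructed data */
    static struct frame_list list = { 2, names };
    if (!w->frames && w->doc_shell)
        w->frames = &list;
    *out = w->frames;
    return MODEL_OK;
}

/* Checks the status code and the out pointer before touching the list. */
int find_frame_checked(struct window *w, const char *name)
{
    struct frame_list *frames = NULL;
    if (model_get_frames(w, &frames) != MODEL_OK)
        return MODEL_FAIL;
    if (!frames)    /* success status, but nothing was handed back */
        return MODEL_NOT_FOUND;
    for (size_t i = 0; i < frames->count; i++)
        if (strcmp(frames->names[i], name) == 0)
            return (int)i;
    return MODEL_NOT_FOUND;
}

/* A window with a doc shell, then one without (the case described above). */
int demo_attached(void)
{
    static const int shell = 0;
    struct window w = { &shell, NULL };
    return find_frame_checked(&w, "yterr");
}

int demo_detached(void)
{
    struct window w = { NULL, NULL };
    return find_frame_checked(&w, "yterr");
}

int main(void) { return !(demo_attached() == 1 && demo_detached() == MODEL_NOT_FOUND); }
```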