[Bug 18985] access violation in HTML-Kit 292

WineHQ Bugzilla wine-bugs at winehq.org
Mon Nov 25 23:59:26 CST 2019


https://bugs.winehq.org/show_bug.cgi?id=18985

--- Comment #30 from Damjan Jovanovic <damjan.jov at gmail.com> ---
The stack trace is lost by the call to SEH handlers. By setting a breakpoint on
the first SEH handler, a better stack trace can be obtained:

=>0 0x0081f9fe in htmlkit (+0x41f9fe) (0x0031a634)
  1 0x628e33eb EXC_CallHandler+0x1a() in ntdll (0x0031a654)
  2 0x628e946e call_stack_handlers+0x10d(rec=0x31aaf4, context=0x31a828) [Z:\home\user\Wine\wine\dlls\ntdll\signal_i386.c:662] in ntdll (0x0031a6d0)
  3 0x628e6c9d raise_exception+0x41c(rec=0x31aaf4, context=0x31a828, first_chance=0x1) [Z:\home\user\Wine\wine\dlls\ntdll\signal_i386.c:736] in ntdll (0x0031a7d8)
  4 0x628e858c raise_generic_exception+0x3b(rec=0x31aaf4, context=0x31a828) [Z:\home\user\Wine\wine\dlls\ntdll\signal_i386.c:1863] in ntdll (0x0031a818)
  5 0xdeadbabe (0x0031ab88)
  6 0x007e28c1 in htmlkit (+0x3e28c0) (0x0031abc0)
  7 0x0080c008 in htmlkit (+0x40c007) (0x0031ac1c)
  8 0x0080db30 in htmlkit (+0x40db2f) (0x0031ac9c)
  9 0x00801976 in htmlkit (+0x401975) (0x0031acb4)
  10 0x633b389c WINPROC_wrapper+0x1b() in user32 (0x0031ace4)
  11 0x633b576d call_window_proc+0x12c(hwnd=0x10282, msg=0x4e, wp=0x20286, lp=0x31c4f0, result=0x31c220, arg=0x1300190) [Z:\home\user\Wine\wine\dlls\user32\winproc.c:249] in user32 (0x0031ad80)
  12 0x633b759c WINPROC_CallProcWtoA+0x151b(callback=0x633b5640, hwnd=0x10282, msg=0x4e, wParam=0x20286, lParam=0x31c4f0, result=0x31c220, arg=0x1300190) [Z:\home\user\Wine\wine\dlls\user32\winproc.c:864] in user32 (0x0031c084)
  13 0x633b5bd5 WINPROC_call_window+0x384(hwnd=0x10282, msg=0x4e, wParam=0x20286, lParam=0x31c4f0, result=0x31c220, unicode=0x1, mapping=1664702431) [Z:\home\user\Wine\wine\dlls\user32\winproc.c:926] in user32 (0x0031c198)
  14 0x63344f70 call_window_proc+0x12f(hwnd=0x10282, msg=0x4e, wparam=0x20286, lparam=0x31c4f0, unicode=0x1, same_thread=0x1, mapping=1664702431) [Z:\home\user\Wine\wine\dlls\user32\message.c:2225] in user32 (0x0031c238)
  15 0x6333d1c0 send_message+0x1bf(info=0x31c2e8, res_ptr=0x31c318, unicode=0x1) [Z:\home\user\Wine\wine\dlls\user32\message.c:3294] in user32 (0x0031c2c8)
  16 0x6333d515 SendMessageW+0x94(hwnd=0x10282, msg=0x4e, wparam=0x20286, lparam=0x31c4f0) [Z:\home\user\Wine\wine\dlls\user32\message.c:3495] in user32 (0x0031c33c)
  17 0x637591f0 notify_hdr+0xdf(infoPtr=0x1d4ce8, code=0xffffff9b, pnmh=0x31c4f0) [Z:\home\user\Wine\wine\dlls\comctl32\listview.c:838] in comctl32 (0x0031c398)
  18 0x6375c41c notify_listview+0xab(infoPtr=0x1d4ce8, code=0xffffff9b, plvnm=0x31c4f0) [Z:\home\user\Wine\wine\dlls\comctl32\listview.c:888] in comctl32 (0x0031c3e0)
  19 0x63762c9f set_main_item+0xa8e(infoPtr=0x1d4ce8, lpLVItem=0x31c600, isNew=0, isW=0x1, bChanged=0x31c590) [Z:\home\user\Wine\wine\dlls\comctl32\listview.c:4368] in comctl32 (0x0031c538)
  20 0x6374d9cd LISTVIEW_SetItemT+0x1fc(infoPtr=0x1d4ce8, lpLVItem=0x31c600, isW=0) [Z:\home\user\Wine\wine\dlls\comctl32\listview.c:4490] in comctl32 (0x0031c5b8)
  21 0x6374e707 LISTVIEW_SetItemTextT+0x156(infoPtr=0x1d4ce8, nItem=0, lpLVItem=0x31ee30, isW=0) [Z:\home\user\Wine\wine\dlls\comctl32\listview.c:9117] in comctl32 (0x0031c658)
  22 0x63743e24 LISTVIEW_WindowProc+0x1ee3(hwnd=0x20286, uMsg=0x102e, wParam=0, lParam=0x31ee30) [Z:\home\user\Wine\wine\dlls\comctl32\listview.c:11691] in comctl32 (0x0031c964)
  23 0x633b389c WINPROC_wrapper+0x1b() in user32 (0x0031c994)
  24 0x633b576d call_window_proc+0x12c(hwnd=0x20286, msg=0x102e, wp=0, lp=0x31ee30, result=0x31e99c, arg=0x63741f40) [Z:\home\user\Wine\wine\dlls\user32\winproc.c:249] in user32 (0x0031ca30)
  25 0x633b5350 WINPROC_CallProcAtoW+0x157f(callback=0x633b5640, hwnd=0x20286, msg=0x102e, wParam=0, lParam=0x31ee30, result=0x31e99c, arg=0x63741f40, mapping=WMCHAR_MAP_CALLWINDOWPROC) [Z:\home\user\Wine\wine\dlls\user32\winproc.c:609] in user32 (0x0031e948)
  26 0x633b776a CallWindowProcA+0x1a9(func=0xffff0015, hwnd=0x20286, msg=0x102e, wParam=0, lParam=0x31ee30) [Z:\home\user\Wine\wine\dlls\user32\winproc.c:1010] in user32 (0x0031e9d8)
  27 0x0080daf5 in htmlkit (+0x40daf4) (0x00020286)


Frame 6 is where the crash happens.

Wine-dbg>disassemble 0x007e28bb
0x007e28bb: call        *0x188(%ebx)
0x007e28c1: popl        %ebx
0x007e28c2: ret 

0x188(%ebx) is NULL, leading to a call to a NULL function pointer -> crash.

A structure of that size (at least 396 bytes) is something internal to the
application, not something we pass. Why it's NULL and how it became NULL require
an understanding of the application's internals, which is best obtained with
the help of the author.

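As an added illustration, not part of the bug report and not code from Wine or HTML-Kit, the following C program reconstructs the crash pattern described in the comment on Linux: an object carries a callback pointer at offset 0x188 (the target of `call *0x188(%ebx)`), the callback is invoked while the pointer is still NULL, and a SIGSEGV handler standing in for the SEH handler records the faulting address, the interrupted instruction pointer and the return address the call pushed, which is how a debugger identifies the calling frame (frame 6 above) once control has already passed into the handler. The struct layout, field names and the register recovery are assumptions made for the demonstration; register recovery is implemented only for x86-64 Linux with glibc and is reported as 0 elsewhere.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* REG_RIP / REG_RSP in <sys/ucontext.h> */
#endif
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <ucontext.h>

/* Hypothetical application object (assumption, not HTML-Kit's layout):
 * 0x188 bytes of state followed by a callback pointer, so the pointer sits
 * at offset 0x188 like the target of `call *0x188(%ebx)`, and the object is
 * at least 0x18c (396) bytes, the size the comment infers. 'volatile' forces
 * a real load of the pointer so the compiler cannot fold the NULL call into
 * a trap instruction at build time. */
struct app_object {
    unsigned char state[0x188];
    void (*volatile callback)(void);
};

struct fault_info {
    int caught;            /* 1 if the SIGSEGV handler ran */
    uintptr_t fault_addr;  /* si_addr: the address the CPU tried to fetch */
    uintptr_t ip;          /* instruction pointer at the fault, 0 if unavailable */
    uintptr_t return_addr; /* return address pushed by the faulting call, 0 if unavailable */
};

static sigjmp_buf recover;
static volatile struct fault_info last_fault;

/* POSIX stand-in for the SEH handler. A plain backtrace taken here stops at
 * the handler, as in frames 0-4 above; the context still holds the
 * interrupted registers, and the saved stack pointer lets us read the return
 * address the NULL call pushed, which points just past the call instruction
 * (the equivalent of frame 6 above). */
static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    (void)sig;
    last_fault.caught = 1;
    last_fault.fault_addr = (uintptr_t)si->si_addr;
#if defined(__x86_64__) && defined(REG_RIP) && defined(REG_RSP)
    ucontext_t *uc = (ucontext_t *)ctx;
    last_fault.ip = (uintptr_t)uc->uc_mcontext.gregs[REG_RIP];
    last_fault.return_addr = *(const uintptr_t *)uc->uc_mcontext.gregs[REG_RSP];
#else
    (void)ctx;             /* other targets: register recovery not implemented */
#endif
    siglongjmp(recover, 1);
}

/* Reproduce the crashing sequence: zero-initialised object, callback invoked
 * before anything has filled it in. Returns what the handler recorded;
 * caught == 0 would mean the NULL call did not fault at all. */
static struct fault_info call_uninitialised_callback(void)
{
    struct app_object obj;
    struct sigaction sa, old;
    struct fault_info result = {0, 0, 0, 0};

    memset(&obj, 0, sizeof obj);               /* obj.callback == NULL */
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    last_fault.caught = 0;
    last_fault.fault_addr = 0;
    last_fault.ip = 0;
    last_fault.return_addr = 0;
    if (sigsetjmp(recover, 1) == 0)
        obj.callback();                        /* call *0x188(%ebx) with a NULL target */

    sigaction(SIGSEGV, &old, NULL);            /* restore the previous handler */
    result.caught = last_fault.caught;
    result.fault_addr = last_fault.fault_addr;
    result.ip = last_fault.ip;
    result.return_addr = last_fault.return_addr;
    return result;
}

/* Offset of the callback inside the object, for comparison with 0x188. */
static size_t callback_offset(void)
{
    return offsetof(struct app_object, callback);
}

/* 1 if the NULL call was caught and the faulting address was 0, which is
 * what a call through a NULL function pointer produces. */
static int null_call_was_caught(void)
{
    struct fault_info f = call_uninitialised_callback();
    return f.caught == 1 && f.fault_addr == 0;
}

int main(void)
{
    struct fault_info f = call_uninitialised_callback();
    printf("callback at offset %#zx, object is %zu bytes\n",
           callback_offset(), sizeof(struct app_object));
    printf("caught=%d fault_addr=%#lx ip=%#lx return_addr=%#lx\n",
           f.caught, (unsigned long)f.fault_addr, (unsigned long)f.ip,
           (unsigned long)f.return_addr);
    return f.caught ? 0 : 1;
}
```

On x86-64 the printed `ip` is 0 (execution reached address 0 before faulting) and `return_addr` lies inside `call_uninitialised_callback`, just after the indirect call; that pushed return address is the same information the Wine backtrace recovers for frame 6 once a breakpoint on the first handler makes the pre-dispatch stack visible.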