IE crash in mshtml!URLRequest::CrackURL+0xe6

Won’t fix Issue #7139345

Details

Author
dimitar p.
Created
Apr 7, 2016
Privacy
This issue is public.
Reports
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

Observed a crash on www.cbsnews.com
Stacktrace is:

mshtml!URLRequest::CrackURL+e6
6e70147f 81b8fc010000b0ad0100 cmp dword ptr [eax+1FCh],1ADB0h
EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 6e70147f (mshtml!URLRequest::CrackURL+0x000000e6)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 000001fc
Attempt to read from address 000001fc
PROCESS_NAME:  iexplore.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_PARAMETER1:  00000000
EXCEPTION_PARAMETER2:  000001fc
READ_ADDRESS:  000001fc 
FOLLOWUP_IP: 
mshtml!URLRequest::CrackURL+e6
6e70147f 81b8fc010000b0ad0100 cmp dword ptr [eax+1FCh],1ADB0h
MOD_LIST: <ANALYSIS/>
NTGLOBALFLAG:  0
FAULTING_THREAD:  0000067c
BUGCHECK_STR:  APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_READ
PRIMARY_PROBLEM_CLASS:  NULL_CLASS_PTR_DEREFERENCE
DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE
LAST_CONTROL_TRANSFER:  from 6e6feb3b to 6e70147f
STACK_TEXT:  
0e53c694 6e6feb3b 0fc33788 0e53c6b8 0e53c6d4 mshtml!URLRequest::CrackURL+0xe6
0e53c6c8 6eb90403 0fc33788 00000000 03be6ba0 mshtml!URLRequest::SetUrl+0x7b
0e53c6e8 6e7003fe 800c001b 00002ef1 0fc33788 mshtml!URLRequest::ReportResult+0x48fff3
0e53c710 6e7003cc 800c001b 00002ef1 0fc33788 mshtml!URLRequest::MSStreamReportResult+0x29
0e53c724 77196ab1 03be6d58 800c001b 00002ef1 mshtml!URLRequest::URLMONRequestSink::ReportResult+0x1c
0e53c748 771a0b8c 0f654264 800c001b 00002ef1 urlmon!COInetProt::ReportResult+0x67 [d:\blue\inetcore\urlmon\trans\prothndl.cxx @ 1909]
0e53c780 771a0e76 00000000 00000000 00000000 urlmon!CTransaction::DispatchReport+0x219 [d:\blue\inetcore\urlmon\trans\transact.cxx @ 3153]
0e53c7c8 771a0f29 0f654078 00000001 0e53c860 urlmon!CTransaction::OnINetCallback+0x140 [d:\blue\inetcore\urlmon\trans\transact.cxx @ 3356]
0e53c7e4 760fc4f7 000500d0 00000465 00000000 urlmon!TransactionWndProc+0x29 [d:\blue\inetcore\urlmon\trans\transact.cxx @ 3478]
0e53c810 760fc5f7 771a0f00 000500d0 00000465 user32!InternalCallWinProc+0x23
0e53c888 760fcc30 00000000 771a0f00 000500d0 user32!UserCallWinProcCheckWow+0x14b
0e53c8ec 760fcc88 771a0f00 00000000 0e53facc user32!DispatchMessageWorker+0x36d
0e53c8fc 6d72a8bc 0e53c93c 0c77fd80 046f1c50 user32!DispatchMessageW+0xf
0e53facc 6d7dc488 0e53fb98 6d7dc100 08858cc0 ieframe!CTabWindow::_TabWindowThreadProc+0x464
0e53fb8c 762aad0c 0c77fd80 0e53fbb0 6d8b4300 ieframe!LCIETab_ThreadProc+0x3e7
0e53fba4 72933a31 08858cc0 00000000 00000000 iertutil!_IsoThreadProc_WrapperToReleaseScope+0x1c
0e53fbdc 7774ef1c 068400e0 0e53fc28 77a53648 IEShims!NS_CreateThread::DesktopIE_ThreadProc+0x94
0e53fbe8 77a53648 068400e0 79ff2528 00000000 kernel32!BaseThreadInitThunk+0xe
0e53fc28 77a5361b 729339a0 068400e0 ffffffff ntdll!__RtlUserThreadStart+0x70
0e53fc40 00000000 729339a0 068400e0 00000000 ntdll!_RtlUserThreadStart+0x1b

Attaching a dump.

Attachments

1 attachment

Comments and activity

  • Microsoft Edge Team

    Changed Assigned To to “Christian F.”

    Changed Status to “Won’t fix”

  • Hello,

    Thanks for the feedback on IE. We are not working on IE feature bugs any longer unless they are security related. As such this item will be closed out as won’t fix.

    All the best,
    The MS Edge Team

You need to sign in to your Microsoft account to add a comment.

Sign in