The attached patch should fix the crash in bug #6120, but I'm afraid I don't understand enough to know if the patch is correct or not. The code that the patch removes was setting the client site pointer to NULL. A later dereference on that pointer causes the crash. I guess I don't understand why the client site pointer is being explicitly set to NULL. Shouldn't Release handle that when the reference count reaches zero?
- Allan
diff --git a/dlls/shdocvw/dochost.c b/dlls/shdocvw/dochost.c index f64ae09..593d78a 100644 --- a/dlls/shdocvw/dochost.c +++ b/dlls/shdocvw/dochost.c @@ -191,15 +191,6 @@ void deactivate_document(DocHost *This) } if(oleobj) { - IOleClientSite *client_site = NULL; - - IOleObject_GetClientSite(oleobj, &client_site); - if(client_site) { - if(client_site == CLIENTSITE(This)) - IOleObject_SetClientSite(oleobj, NULL); - IOleClientSite_Release(client_site); - } - IOleObject_Release(oleobj); }