[Bug 26918] Atlantis II doesn't play intro videos and crashes in the main menu

wine-bugs at winehq.org
Sun Oct 2 10:38:39 CDT 2011


http://bugs.winehq.org/show_bug.cgi?id=26918

--- Comment #7 from jhgf <bernhardloos at googlemail.com> 2011-10-02 10:38:39 CDT ---
It's a use-after-free bug in wined3d:
0024:Call wined3d.wined3d_surface_create(0016cef0,00000280,000001e0,00000070,00000001,00000000,00000000,00000000,00000002,00000000,00000000,00000000,01e00140,688a3be0,01e00188) ret=68878d95
0024:Call ntdll.RtlAllocateHeap(00110000,00000008,00000158) ret=68cdf747
0024:Ret  ntdll.RtlAllocateHeap() retval=00214fa8 ret=68cdf747
0024:Call ntdll.RtlAllocateHeap(00110000,00000008,00096010) ret=68c74998
0024:Ret  ntdll.RtlAllocateHeap() retval=02940020 ret=68c74998
...
0024:Call wined3d.wined3d_surface_getdc(00214fa8,0066e9f8) ret=6886fbe2
...
0024:Call ntdll.RtlFreeHeap(00110000,00000000,02940020) ret=68cc4b32
0024:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=68cc4b32
0024:Ret  wined3d.wined3d_surface_getdc() retval=00000000 ret=6886fbe2
...
0024:trace:seh:raise_exception code=c0000005 flags=0 addr=0x10003ac0 ip=10003ac0 tid=0024
0024:trace:seh:raise_exception  info[0]=00000000
0024:trace:seh:raise_exception  info[1]=02964bb1

This is not an actual regression, but with Alexandre's patch, the memory will
now get completely unmapped, resulting in a segfault on access.

A log with WINEDEBUG=+tid,+seh,+d3d_surface might be helpful, but I don't know
enough about wined3d to actually fix this.

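Added example (not part of the original comment and not Wine code): the reasoning in the trace above can be automated by pairing each RtlAllocateHeap call with its returned pointer, recording RtlFreeHeap calls, and checking whether the faulting address falls inside a block that was already freed. The sample is constructed from the relay lines quoted in the comment; the function name is hypothetical, and info[1] is assumed to be the faulting address, which holds for access violations (c0000005).

```python
import re

# Constructed sample: the relay lines quoted in the comment above, with the
# wrapped lines joined and the elided ("...") parts left out.
SAMPLE_TRACE = """\
0024:Call ntdll.RtlAllocateHeap(00110000,00000008,00000158) ret=68cdf747
0024:Ret  ntdll.RtlAllocateHeap() retval=00214fa8 ret=68cdf747
0024:Call ntdll.RtlAllocateHeap(00110000,00000008,00096010) ret=68c74998
0024:Ret  ntdll.RtlAllocateHeap() retval=02940020 ret=68c74998
0024:Call wined3d.wined3d_surface_getdc(00214fa8,0066e9f8) ret=6886fbe2
0024:Call ntdll.RtlFreeHeap(00110000,00000000,02940020) ret=68cc4b32
0024:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=68cc4b32
0024:Ret  wined3d.wined3d_surface_getdc() retval=00000000 ret=6886fbe2
0024:trace:seh:raise_exception code=c0000005 flags=0 addr=0x10003ac0 ip=10003ac0 tid=0024
0024:trace:seh:raise_exception  info[0]=00000000
0024:trace:seh:raise_exception  info[1]=02964bb1
"""

ALLOC_CALL = re.compile(r"^(\w+):Call ntdll\.RtlAllocateHeap\(\w+,\w+,(\w+)\)")
ALLOC_RET = re.compile(r"^(\w+):Ret\s+ntdll\.RtlAllocateHeap\(\) retval=(\w+)")
FREE_CALL = re.compile(r"^(\w+):Call ntdll\.RtlFreeHeap\(\w+,\w+,(\w+)\)")
FAULT_ADDR = re.compile(r"^\w+:trace:seh:raise_exception\s+info\[1\]=(\w+)")

def find_freed_block_faults(trace):
    """Return (fault_addr, block_base, offset) for faults inside freed blocks."""
    pending = {}   # tid -> size of the RtlAllocateHeap call awaiting its Ret
    live = {}      # base -> size of blocks currently allocated
    freed = {}     # base -> size of blocks that have been freed
    hits = []
    for line in trace.splitlines():
        if m := ALLOC_CALL.match(line):
            pending[m[1]] = int(m[2], 16)
        elif m := ALLOC_RET.match(line):
            base, size = int(m[2], 16), pending.pop(m[1], None)
            if size is not None and base:
                live[base] = size
                freed.pop(base, None)  # address reused: no longer stale
        elif m := FREE_CALL.match(line):
            base = int(m[2], 16)
            if base in live:
                freed[base] = live.pop(base)
        elif m := FAULT_ADDR.match(line):
            addr = int(m[1], 16)
            hits += [(addr, b, addr - b) for b, s in freed.items() if b <= addr < b + s]
    return hits

if __name__ == "__main__":
    for addr, base, off in find_freed_block_faults(SAMPLE_TRACE):
        print(f"fault at {addr:#010x} is {off:#x} bytes into freed block {base:#010x}")
```

On a real +relay log the same function works unchanged, but a fault that lands in a block freed and then reallocated to another owner will not be reported, since reuse clears the stale entry.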