Bug 4289: Debugging and disassembly

Robert Shearman rob at codeweavers.com
Sat Jan 14 08:54:57 CST 2006


James Trotter wrote:

>     0x007ab8e6: pushl       %eax
>     0x007ab8e7: call        *0x8(%edx)
>     0x007ab8ea: movl        %ebp,0x8(%esi)
>     0x007ab8ed: movl        0x4(%esi),%eax
>     0x007ab8f0: pushl       %eax
>     0x007ab8f1: movl        0x0(%eax),%ecx
>

This very much looks like a use-after-free bug. The first two 
instructions are probably a COM *_Release call. Judging by the fact that 
this is a regression I would also guess that it is a Wine object. Also, 
by knowing that it is a game it is probably a DirectDraw, Direct3D or 
DirectSound object. Try turning on tracing for these and seeing what it 
turns up. If you see a decrement to 0 just before the crash then the 
theory is probably correct.

-- 
Rob Shearman
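
An added illustration, not part of the original message and not Wine code: in a COM vtable, Release is the third IUnknown method, so with 4-byte pointers it sits at offset 0x8, which is what `call *0x8(%edx)` would be calling. The `Obj` type, the `dead` quarantine flag and both holder functions are hypothetical; the final Release marks the object dead instead of freeing it, so the stale access can be detected without undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical COM-style object; all names are illustrative, not Wine's. */
typedef struct Obj Obj;
typedef struct ObjVtbl {
    long (*QueryInterface)(Obj *self, const void *iid, void **out); /* slot 0 */
    unsigned long (*AddRef)(Obj *self);   /* slot 1 */
    unsigned long (*Release)(Obj *self);  /* slot 2: 0x8 with 4-byte pointers */
} ObjVtbl;
struct Obj {
    const ObjVtbl *vtbl;  /* vtable pointer comes first, as in COM */
    unsigned long ref;
    int dead;             /* quarantine flag, set where a real object is freed */
    int payload;
};

static long obj_qi(Obj *s, const void *iid, void **out) { (void)s; (void)iid; *out = NULL; return -1; }
static unsigned long obj_addref(Obj *s) { return ++s->ref; }
static unsigned long obj_release(Obj *s) {
    unsigned long r = --s->ref;
    if (r == 0) s->dead = 1;  /* decrement to 0: object is gone from here on */
    return r;
}
static const ObjVtbl obj_vtbl = { obj_qi, obj_addref, obj_release };
static void obj_init(Obj *o) { o->vtbl = &obj_vtbl; o->ref = 1; o->dead = 0; o->payload = 42; }

/* Returns the payload, or -1 when the object has already been released. */
int obj_read(const Obj *o) { return o->dead ? -1 : o->payload; }

/* Holder that caches a pointer without AddRef: the owner's Release drops the count to 0. */
int read_without_addref(void) {
    Obj o; obj_init(&o);
    Obj *cached = &o;
    o.vtbl->Release(&o);
    return obj_read(cached);  /* stale pointer, reported as -1 */
}

/* Holder that takes its own reference: the object survives the owner's Release. */
int read_with_addref(void) {
    Obj o; obj_init(&o);
    Obj *cached = &o;
    cached->vtbl->AddRef(cached);
    o.vtbl->Release(&o);
    int v = obj_read(cached);
    cached->vtbl->Release(cached);
    return v;
}

int main(void) {
    printf("Release offset %zu, no AddRef %d, with AddRef %d\n",
           offsetof(ObjVtbl, Release), read_without_addref(), read_with_addref());
    return 0;
}
```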



