http://bugs.winehq.org/show_bug.cgi?id=59203

--- Comment #12 from Leonardo (MrPowerGamerBR) <winehq@mrpowergamerbr.com> ---

I submitted another patch. I think this one is more "cleaner" than my proof of concept, and it seems to work fine :)

https://bugs.winehq.org/attachment.cgi?id=80101

After Bernhard talked about the issue, I finally *get* why it was causing a double after free:

1. The game tries to resize a palette to 0
2. Because the count is 0, the "realloc" call is undefined behavior, which I think in this case acts like a "free" call
3. When the game tries to delete the palette, the entries were actually freed before, which causes the game to crash.

To fix this, I've added a check to validate if the count is 0 and, if it is, we just free the entries and update the current palette count to 0. When the game tries to delete the palette, we check if the palette count is zero and, if it is, we don't attempt to free the entries (because they should be already freed).

However, I'm not a C developer, so the code is probably very bad and probably has a lot of issues.
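The resize-to-zero guard described in the comment above, as an added example that is not part of the original comment and is not the attached patch or Wine's code. The struct and function names are hypothetical, and this sketch clears the pointer to NULL instead of checking the count at delete time.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a palette object; not Wine's actual struct. */
struct entry { unsigned char r, g, b, flags; };
struct palette { unsigned int count; struct entry *entries; /* NULL when count == 0 */ };

/* Resize to `count` entries. Returns 1 on success, 0 on failure. */
static int palette_resize(struct palette *pal, unsigned int count)
{
    struct entry *tmp;
    if (count == 0) {
        /* Never pass size 0 to realloc: it may free the block, leaving
         * pal->entries dangling. Free explicitly and clear the pointer. */
        free(pal->entries);
        pal->entries = NULL;
        pal->count = 0;
        return 1;
    }
    if (count > SIZE_MAX / sizeof(*tmp)) return 0;   /* size overflow */
    tmp = realloc(pal->entries, count * sizeof(*tmp));
    if (!tmp) return 0;                 /* old block is still valid */
    if (count > pal->count)             /* zero the newly added entries */
        memset(tmp + pal->count, 0, (count - pal->count) * sizeof(*tmp));
    pal->entries = tmp;
    pal->count = count;
    return 1;
}

/* Safe to call after a resize to 0, and safe to call twice. */
static void palette_delete(struct palette *pal)
{
    free(pal->entries);                 /* free(NULL) is a no-op */
    pal->entries = NULL;
    pal->count = 0;
}

/* Replays the sequence from the comment: resize to 0, then delete. */
static int demo(void)
{
    struct palette pal = { 0, NULL };
    if (!palette_resize(&pal, 16)) return -1;
    if (!palette_resize(&pal, 0)) return -2;
    if (pal.entries != NULL || pal.count != 0) return -3;
    palette_delete(&pal);
    return 0;
}
int main(void) { return demo(); }
```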