https://bugs.winehq.org/show_bug.cgi?id=40396
--- Comment #1 from blackwingcat2000@gmail.com ---
1224 const TT_OS2_V2 *tt_os2;
1225 const TT_HEAD *tt_head;
1226
1227 opentype_get_font_table(stream, type, index, MS_OS2_TAG, (const void**)&tt_os2, &os2_context, NULL, NULL);
1228 opentype_get_font_table(stream, type, index, MS_HEAD_TAG, (const void**)&tt_head, &head_context, NULL, NULL);
1229
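Fixed by giving both pointers a NULL initializer, so the NULL check after the calls (`test edx,edx` in the listing below) is reliable even if opentype_get_font_table() returns without writing the output pointer; without the initializer that check reads whatever was left on the stack:
1224 TT_OS2_V2 *tt_os2 = NULL;
1225 TT_HEAD *tt_head = NULL;
The `const` qualifiers of the original declarations can stay; only the `= NULL` initializers are needed.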
; Disassembly excerpt (x86, Intel syntax) of the routine containing the two
; opentype_get_font_table() calls quoted earlier in this report. The listing
; stops at the faulting instruction; the rest of the routine and the branch
; targets L6DA6812D, L6DA680C7 and L6DA680DC are not shown.
;
; Stack layout after the prologue (4 pushes + 3Ch bytes of locals):
;   [esp+50h] arg1, [esp+54h] arg2, [esp+58h] arg3, [esp+5Ch] arg4
;   [esp+30h] / [esp+2Ch]  pointer locals passed by address as the 5th call
;                          argument (tt_os2 / tt_head, matching the call order)
;   [esp+38h] / [esp+34h]  locals passed by address as the 6th call argument
;                          (os2_context / head_context)
; NOTE(review): no instruction stores to [esp+30h] or [esp+2Ch] before the
; calls, so these slots hold leftover stack contents unless the callee writes
; through the pointer it is given.
SUB_L6DA67F21:
    push ebp
    push edi
    push esi
    push ebx
    sub esp,0000003Ch
    mov esi,[esp+54h]                       ; esi = arg2 (forwarded as the callee's 2nd argument)
    mov ebx,[esp+58h]                       ; ebx = arg3 (forwarded as the callee's 3rd argument)
    mov edi,[esp+5Ch]                       ; edi = arg4, the structure written below
    ; --- first call: tag 322F534Fh = bytes 'O','S','/','2' in memory order ---
    lea edx,[esp+30h]                       ; address of the first pointer local
    mov dword ptr [esp+1Ch],00000000h       ; 8th argument = NULL
    mov dword ptr [esp+18h],00000000h       ; 7th argument = NULL
    lea eax,[esp+38h]
    mov [esp+14h],eax                       ; 6th argument = address of context local
    mov [esp+10h],edx                       ; 5th argument = address of pointer local
    mov dword ptr [esp+0Ch],322F534Fh       ; 4th argument = table tag
    mov [esp+08h],ebx
    mov [esp+04h],esi
    mov eax,[esp+50h]
    mov [esp],eax                           ; 1st argument = arg1
    call SUB_L6DA67739                      ; result in eax is overwritten below without being tested
    ; --- second call: tag 64616568h = bytes 'h','e','a','d' in memory order ---
    lea edx,[esp+2Ch]                       ; address of the second pointer local
    mov dword ptr [esp+1Ch],00000000h
    mov dword ptr [esp+18h],00000000h
    lea eax,[esp+34h]
    mov [esp+14h],eax
    mov [esp+10h],edx
    mov dword ptr [esp+0Ch],64616568h
    mov [esp+08h],ebx
    mov [esp+04h],esi
    mov eax,[esp+50h]
    mov [esp],eax
    call SUB_L6DA67739                      ; result again not tested in the visible code
    ; --- default values stored into the output structure at edi ---
    mov dword ptr [edi+04h],00000005h       ; field at +04h = 5
    mov dword ptr [edi+08h],00000190h       ; field at +08h = 190h (400)
    mov dword ptr [edi],00000000h           ; field at +00h = 0
    lea esi,[edi+0Ch]
    mov dword ptr [edi+0Ch],00000000h       ; zero 10 bytes starting at +0Ch (4 + 4 + 2)
    mov dword ptr [esi+04h],00000000h
    mov word ptr [esi+08h],0000h
    ; --- NULL check on the first pointer local; this is the only validation
    ;     applied before the pointer is dereferenced ---
    mov edx,[esp+30h]
    test edx,edx
    jz L6DA6812D                            ; NULL: skip the reads below (target not shown)
    ; Each 16-bit field is loaded and byte-swapped with rol ...,08h.
    ; NOTE(review): offsets 00h/04h/06h/3Eh correspond to version, usWeightClass,
    ; usWidthClass and fsSelection in the OpenType OS/2 table, assuming
    ; TT_OS2_V2 mirrors that layout. Confirm against the struct definition.
    movzx ebx,[edx]                         ; field at +00h (swapped later, at rol bx)
    movzx eax,[edx+3Eh]
    rol ax,08h
    movzx ebp,ax                            ; ebp = swapped field at +3Eh
    movzx ecx,[edx+04h]
    rol cx,08h                              ; cx = swapped field at +04h
    movzx eax,[edx+06h]
    rol ax,08h                              ; ax = swapped field at +06h
    cmp ax,0009h
    ja L6DA6800D                            ; values above 9 keep the default at [edi+04h]
    movzx eax,ax
    mov [edi+04h],eax
L6DA6800D:
    lea eax,[ecx-01h]
    cmp ax,0008h
    ja L6DA68026                            ; only values 1..9 are scaled
    movzx eax,cx
    lea eax,[eax+eax*4]                     ; x5
    lea eax,[eax+eax*4]                     ; x25
    lea ecx,[00000000h+eax*4]               ; x100
L6DA68026:
    cmp cx,03B6h
    ja L6DA680C7                            ; above 3B6h (950): handled at a target not shown
    movzx eax,cx
    mov [edi+08h],eax
    rol bx,08h                              ; bx = swapped field at +00h
    cmp bx,0003h
    jbe L6DA680DC                           ; value <= 3: target not shown
L6DA68045:
    test ebp,00000200h                      ; bit 9 of the swapped field at +3Eh
    jz L6DA680DC
    mov dword ptr [edi],00000001h
L6DA68057:
    ; Reloads the same stack slot that was NULL-tested above and reads 4 bytes
    ; at offset 20h from it. Which of the paths not shown also reach this label
    ; cannot be determined from the listing.
    mov edx,[esp+30h]
    add edx,00000020h
    mov eax,[edx] <- Crash