http://bugs.winehq.org/show_bug.cgi?id=11788
--- Comment #8 from Alexander Dorofeyev alexd4@inbox.lv 2008-03-22 08:23:51 ---

I tried debugging this in the IDA disassembler. It looks like the wrong pointer accessed is a field of some very large struct or object allocated on the stack. It's allocated on the stack in WinMain, then passed to a chain of subroutines. Now, the strange part is, it looks like this particular field isn't really properly initialized by the app, and this causes problems. There's a check later on whether it's NULL or not, but it isn't really initialized to NULL anywhere as far as I can see; it looks like this variable ends up with some semi-random value from the stack. This can explain the inconsistency with regression tests. If the value at that address happens to be 0, then everything is fine; otherwise the app tries to use this wrong value as a pointer later and crashes. This is totally dependent on what is in the stack upon entering WinMain - by putting some value at that address I can cause a crash by accessing this value (as a pointer), or avoid the crash if I put 0x00000000 there.
So this really looks like a buggy app, but somehow it works on Windows. Maybe stack memory is zeroed in Windows, but not in Wine, I don't know. Possibly some exe-loading issue.
To Alexandre Julliard: do you know if the above theory can be correct?
This important address that decides whether app will run or crash is ESP-0x4E02, when at the very first instruction of WinMain. I don't know much about exe loading but I can try to dig some more info on request.
I'll also try to check on Windows how the stack looks there, zeroed or not.
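The failure mode described in this comment, as an added illustration that is not code from the bug report or from the application in question: a large stack object whose initialiser never sets one pointer field, so a later NULL check sees whatever the stack held on entry. The struct, field names and the explicit "stack" buffer are assumptions made so the outcome can be reproduced deterministically for any stack residue.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the app's large stack object (names assumed). */
struct app_state {
    char scratch[0x4E00];     /* bulk of the object, roughly the size implied by ESP-0x4E02 */
    void (*on_ready)(void);   /* the field that is NULL-checked later but never assigned */
    int ready_flag;
};

/* Buggy initialiser: sets some fields, never touches on_ready. */
static void init_buggy(struct app_state *s)
{
    memset(s->scratch, 0, sizeof s->scratch);
    s->ready_flag = 1;
}

/* Fixed initialiser: zero the whole object first so every field has a defined value. */
static void init_fixed(struct app_state *s)
{
    memset(s, 0, sizeof *s);
    s->ready_flag = 1;
}

/* Mirrors the app's later check: 0 means "no handler, skip", 1 means "would call the pointer". */
static int would_dereference(const struct app_state *s)
{
    return s->on_ready != NULL;
}

/* Simulate entering WinMain with a given stack residue: the object lives in a buffer
 * pre-filled with `fill` (the leftover stack contents), then runs the chosen initialiser.
 * A union keeps the struct correctly aligned while letting us poison its bytes. */
static int simulate(unsigned char fill, void (*init)(struct app_state *))
{
    static union { unsigned char bytes[sizeof(struct app_state)]; struct app_state s; } slot;
    memset(slot.bytes, fill, sizeof slot.bytes);   /* constructed stack residue */
    init(&slot.s);
    return would_dereference(&slot.s);
}

int main(void)
{
    printf("residue 0x00, buggy init: %d\n", simulate(0x00, init_buggy)); /* 0: check passes by luck */
    printf("residue 0xAA, buggy init: %d\n", simulate(0xAA, init_buggy)); /* 1: garbage used as pointer */
    printf("residue 0xAA, fixed init: %d\n", simulate(0xAA, init_fixed)); /* 0: defined regardless */
    return 0;
}
```

Building the real binary is not an option here, but the same pattern is what MemorySanitizer (`-fsanitize=memory`) or Valgrind's "conditional jump depends on uninitialised value" report would flag at the NULL check.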