http://bugs.winehq.org/show_bug.cgi?id=26918
--- Comment #7 from jhgf bernhardloos@googlemail.com 2011-10-02 10:38:39 CDT --- It's a use-after-free bug in wined3d: 0024:Call wined3d.wined3d_surface_create(0016cef0,00000280,000001e0,00000070,00000001,00000000,00000000,00000000,00000002,00000000,00000000,00000000,01e00140,688a3be0,01e00188) ret=68878d95 0024:Call ntdll.RtlAllocateHeap(00110000,00000008,00000158) ret=68cdf747 0024:Ret ntdll.RtlAllocateHeap() retval=00214fa8 ret=68cdf747 0024:Call ntdll.RtlAllocateHeap(00110000,00000008,00096010) ret=68c74998 0024:Ret ntdll.RtlAllocateHeap() retval=02940020 ret=68c74998 ... 0024:Call wined3d.wined3d_surface_getdc(00214fa8,0066e9f8) ret=6886fbe2 ... 0024:Call ntdll.RtlFreeHeap(00110000,00000000,02940020) ret=68cc4b32 0024:Ret ntdll.RtlFreeHeap() retval=00000001 ret=68cc4b32 0024:Ret wined3d.wined3d_surface_getdc() retval=00000000 ret=6886fbe2 ... 0024:trace:seh:raise_exception code=c0000005 flags=0 addr=0x10003ac0 ip=10003ac0 tid=0024 0024:trace:seh:raise_exception info[0]=00000000 0024:trace:seh:raise_exception info[1]=02964bb1
This is not an actual regression, but with Alexandres patch, the memory will now get completly unmapped, resulting in an segfault on access.
A log with WINEDEBUG=+tid,+seh,+d3d_surface might be helpful, but I don't now enough about wined3d to actually fix this.