http://bugs.winehq.org/show_bug.cgi?id=9840
--- Comment #28 from Dmitry Timoshkov dmitry@codeweavers.com 2007-10-11 08:50:20 --- The new crash log makes me think that I have found the source of the problem,
The crash that leads to the debugger invocation is caused by a bug in the app's code which handles an unexpected exception, so the debugger output is usless.
An unexpected exception that leads to all bad things seems to happen in the following log fragment:
0045:Call gdi32.GetGlyphOutlineA(000004f8,00000050,00000006,0034d2a0,00000058,0034d23c,0034d2c4) ret=0d5627e5 0045:trace:font:GdiGetCodePage charset 0 => cp 1252 0045:trace:font:FONT_mbtowc mapped "P" -> L"P" 0045:trace:font:GetGlyphOutlineW (0x4f8, 0050, 0006, 0x34d2a0, 88, 0x34d23c, 0x34d2c4) 0045:trace:font:WineEngGetGlyphOutline 0x1d7978, 0050, 00000006, 0x34d2a0, 00000058, 0x34d23c, 0x34d2c4 0045:trace:font:WineEngGetGlyphOutline Vec 0,704 0045:trace:font:WineEngGetGlyphOutline Vec 0,0 0045:trace:font:WineEngGetGlyphOutline Vec 448,704 0045:trace:font:WineEngGetGlyphOutline Vec 448,0 0045:trace:font:WineEngGetGlyphOutline transformed box: (0,704 - 448,0) 0045:Ret gdi32.GetGlyphOutlineA() retval=00000058 ret=0d5627e5 0045:trace:seh:raise_exception code=c0000005 flags=0 addr=0xfffffff 0045:trace:seh:raise_exception info[0]=00000000 0045:trace:seh:raise_exception info[1]=0fffffff 0045:trace:seh:raise_exception eax=0000000d ebx=0d5f42a8 ecx=0ab55f00 edx=27ffffff esi=00000e00 edi=0000000d 0045:trace:seh:raise_exception ebp=0034e180 esp=0034d324 cs=0073 ds=007b es=007b fs=0033 gs=003b flags=00010216
6 == GGO_GRAY8_BITMAP
To me it looks like an app receives a bitmap for transformed "P" character and crashes while trying to decode the data.
Unfortunately the log doesn't contain the attributes of the font to provide full information in order to reproduce the problem. Can you please generate another log with +font,+seh,+tid, compress it, and attach here?