http://bugs.winehq.org/show_bug.cgi?id=21962
--- Comment #44 from Stefan Dösinger stefandoesinger@gmx.at 2010-04-04 04:53:48 ---

I checked the code, there should be no place where heapMemory is set to NULL, but allocatedMemory isn't zeroed either. The only exception is the VBO path of _Map and _Unlock, where allocatedMemory is set without assigning heapMemory.
Can you find out where the "bad" pointer in allocatedMemory is coming from? The only explanation I can find is that the app maps the buffer, then for some reason it is unloaded (e.g. device::reset is called). Thus the VBO disappears but the old allocatedMemory pointer still remains.
To do that just add an ERR printout to every place where allocatedMemory is assigned and then after a crash search for the bad address that causes the crash in that log. Note that there's also one assignment in resource.c.