http://bugs.winehq.org/show_bug.cgi?id=24249
--- Comment #3 from Henri Verbeet hverbeet@gmail.com 2010-09-03 10:22:32 CDT --- (In reply to comment #2)
There might be another problem when WINED3DTSS_FORCE_DWORD is triggered (e.g. Type == 0). So it could happen that there is also an access violation on read access.
Yeah, something like the following should work:
if (Type >= sizeof(tss_lookup) / sizeof(*tss_lookup)) Type = 0; l = &tss_lookup[Type]; if (l->state == WINED3DTSS_FORCE_DWORD) { *pValue = 0; return D3D_OK; }
Note that there are some more places with constructions like this, at the very least IDirect3DDevice8Impl_SetTextureStageState(). We probably don't want a test for this though, I think it's accessing beyond the end of the array on native as well, it's just that native probably doesn't have the extra level of indirection.