https://bugs.winehq.org/show_bug.cgi?id=55773
--- Comment #1 from Rémi Bernon rbernon@codeweavers.com ---
This is actually a game bug, leading to wined3d resource heap pointer corruption.
When using 800x600 resolution, the game fills the frame by writing pixels to the locked resource memory, starting from the end. However, it has an off-by-one error, and ends up overwriting one two bytes before the mapped address.
This overwrites the ddraw heap pointer that was sneaked there to later be freed.
Previously the heap was able to detect that the corrupted pointer was not from any heap, but as we can't lock the whole heap on every free anymore, it isn't possible to detect.
Anyway, I think we should simply not hide a pointer there. Doing that fixes the crash, even if the heap block header gets corrupted (which is either detected or ignored).
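
The failure mode described in the comment above, as an added illustration that is not Wine's or the game's code. All names are hypothetical, a 16-bit pixel format is assumed, and a few slack bytes inside one allocation stand in for the memory just before the mapped address so the stray write stays in bounds.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

enum { PIXELS = 800 * 600, SLACK = sizeof(void *) };

/* The bug as described: fill from the end, but run one pixel too far. */
static void fill_from_end(uint16_t *mapped, uint16_t color)
{
    for (long i = PIXELS - 1; i >= -1; i--)   /* off by one: should stop at 0 */
        mapped[i] = color;
}

/* Returns the mapped address; the allocation starts SLACK bytes earlier. */
static uint16_t *alloc_mapped(unsigned char **raw)
{
    *raw = calloc(1, SLACK + PIXELS * sizeof(uint16_t));
    return *raw ? (uint16_t *)(*raw + SLACK) : NULL;
}

/* Layout 1: the allocation pointer is hidden right before the mapped address. */
int hidden_pointer_survives(void)
{
    unsigned char *raw; void *stored; uint16_t old;
    uint16_t *mapped = alloc_mapped(&raw);
    if (!mapped) return -1;
    stored = raw;
    memcpy(raw, &stored, sizeof(stored));                  /* hide the pointer */
    memcpy(&old, raw + SLACK - sizeof(old), sizeof(old));
    fill_from_end(mapped, (uint16_t)~old);  /* colour differs from the old bytes */
    int ok = memcmp(raw, &stored, sizeof(stored)) == 0;    /* what free would get */
    free(raw);
    return ok;
}

/* Layout 2: the pointer lives in a separate structure, as the comment proposes. */
struct surface { void *alloc; uint16_t *mapped; };

int tracked_pointer_survives(void)
{
    unsigned char *raw; struct surface s;
    s.mapped = alloc_mapped(&raw);
    if (!s.mapped) return -1;
    s.alloc = raw;
    fill_from_end(s.mapped, 0xffff);        /* stray write lands in the slack */
    int ok = (s.alloc == (void *)raw);
    free(s.alloc);
    return ok;
}
```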