http://bugs.winehq.org/show_bug.cgi?id=31076
--- Comment #10 from Nikolay Sivov bunglehead@gmail.com 2013-01-09 16:13:17 CST --- I think I understand a problem now. When you click on graphical dir view (whatever it called) it's possible it will need to insert new item to a list. And here is what happens:
- LVM_INSERTITEMA with item lParam containing pointer to internal application data (CSortingListItem* pointer to be precise); - our handler eventually calls LISTVIEW_ShiftIndices() that also changes focus item and could trigger a repaint if list scrolling is needed; - scrolling repaints window with UpdateWindow() so winproc is called with WM_PAINT synchronously while we still process LVM_INSERTITEMA; - repaint operation needs item data to paint, so it queries notification window (application) with LVN_GETDISPINFO, but at this point lParam is still not set - it's zero from Alloc(). - application casts it to CSortingListItem* and calls it's methods without checking for NULL.
To confirm this I commented LISTVIEW_SetItemFocus() call from LISTVIEW_ShiftIndices() and it made crashes go away. It's a really serious problem that could potentially affect a lot of applications, I need to think a bit more what a proper fix would be.