http://bugs.winehq.org/show_bug.cgi?id=15984
--- Comment #19 from Zdenek Behan <rain@matfyz.cz> 2011-03-02 21:58:26 CST --- After a while of crashing the game and tracing, I saw quite a few backtraces. Some of them have been exactly what was reported by Itzamna, some were slightly different, but all seem to essentially boil down to memory corruption and a subsequent pointer dereference soon after in the code. This matches the behaviour of crashing in many different ways, likely not at the spot with the real issue.
I don't share the opinion that this is necessarily caused by surface_add_dirty_rect(). Missing texture conversion functions happen quite a bit, and the blt function code definitely looks like it handles those carefully.
I spent quite a while debugging and tracing the problem, and the one thing standing out in the trace is the use of ddraw_surface7_Blt where both source and destination rectangles are filled in. Throughout the rest of the trace, this function always gets (nil) passed in place of the rectangles. There are always precisely two calls to ddraw_surface7_Blt() with a rectangle, each with a different rectangle, and the crash occurs right after the release of the first surface:
trace:ddraw:ddraw_surface7_Blt iface 0x42c1058, dst_rect (0,0)-(256,128), src_surface 0x42b0780, src_rect (0,0)-(256,128), flags 0x1000000, fx (nil).
...
trace:ddraw:ddraw_surface7_Blt iface 0x42b8cc8, dst_rect (0,128)-(128,192), src_surface 0x42b0780, src_rect (0,128)-(128,192), flags 0x1000000, fx (nil).
...
trace:ddraw:ddraw_surface7_Release 0x42c1058 decreasing refcount to 0.
wine: Unhandled page fault on read access to 0x4545524e at address 0x7e03439b (thread 0020), starting debugger...
I can attach the whole tail of the trace if anyone feels they want to see.
I'm slowly delving into it and enabling more debug channels to perhaps get more detailed information.
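Added example, not part of the bug report or of Wine itself: a small Python script that does mechanically what comment #19 describes doing by hand on a +ddraw trace. It pulls out every ddraw_surface7_Blt call that passes a real rectangle instead of (nil), records which surfaces have their refcount dropped to 0 by ddraw_surface7_Release, stops at the "Unhandled page fault" line, and flags surfaces that were both used in a rect Blt and freed before the fault. It also decodes the faulting address as little-endian bytes, since an address made entirely of printable ASCII (0x4545524e here) is a common hint that a pointer was overwritten with string or texture data; that decoding is a heuristic, not something the trace proves. The sample trace is constructed: the two rect Blt lines, the Release line and the fault line are the ones quoted in the comment, the other lines are made-up filler in the same format.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Rect = Tuple[int, int, int, int]

# Line formats taken from the trace quoted in comment #19.
BLT_RE = re.compile(
    r"ddraw_surface7_Blt iface (?P<iface>0x[0-9a-f]+), dst_rect (?P<dst>\S+), "
    r"src_surface (?P<src>\S+), src_rect (?P<srect>\S+),"
)
RELEASE_RE = re.compile(
    r"ddraw_surface7_Release (?P<iface>0x[0-9a-f]+) decreasing refcount to (?P<rc>\d+)\."
)
FAULT_RE = re.compile(
    r"Unhandled page fault on (?P<kind>read|write) access to (?P<addr>0x[0-9a-f]+) "
    r"at address (?P<pc>0x[0-9a-f]+)"
)
RECT_RE = re.compile(r"\((\d+),(\d+)\)-\((\d+),(\d+)\)")

# Constructed sample: lines 2, 3, 5 and 6 are quoted from the comment,
# lines 1 and 4 are filler written in the same format.
SAMPLE_TRACE = """\
trace:ddraw:ddraw_surface7_Blt iface 0x42c1058, dst_rect (nil), src_surface 0x42b0780, src_rect (nil), flags 0x1000000, fx (nil).
trace:ddraw:ddraw_surface7_Blt iface 0x42c1058, dst_rect (0,0)-(256,128), src_surface 0x42b0780, src_rect (0,0)-(256,128), flags 0x1000000, fx (nil).
trace:ddraw:ddraw_surface7_Blt iface 0x42b8cc8, dst_rect (0,128)-(128,192), src_surface 0x42b0780, src_rect (0,128)-(128,192), flags 0x1000000, fx (nil).
trace:ddraw:ddraw_surface7_Release 0x42b8cc8 decreasing refcount to 1.
trace:ddraw:ddraw_surface7_Release 0x42c1058 decreasing refcount to 0.
wine: Unhandled page fault on read access to 0x4545524e at address 0x7e03439b (thread 0020), starting debugger...
"""


def parse_rect(text: str) -> Optional[Rect]:
    """'(l,t)-(r,b)' -> (l, t, r, b); '(nil)' or anything else -> None."""
    m = RECT_RE.fullmatch(text)
    return tuple(int(x) for x in m.groups()) if m else None  # type: ignore[return-value]


def ascii_bytes(addr: str, width: int = 4) -> Optional[str]:
    """Decode an address as little-endian bytes if every byte is printable ASCII."""
    raw = int(addr, 16).to_bytes(width, "little")
    return raw.decode("ascii") if all(0x20 <= b < 0x7F for b in raw) else None


@dataclass
class Report:
    # (line, iface, dst_rect, src_surface, src_rect) for Blts with a real rectangle
    rect_blts: List[Tuple[int, str, Optional[Rect], str, Optional[Rect]]] = field(default_factory=list)
    freed: Dict[str, int] = field(default_factory=dict)  # iface -> line where refcount hit 0
    fault: Optional[Tuple[int, str, str, str]] = None    # (line, kind, addr, pc)
    suspects: List[str] = field(default_factory=list)    # freed before the fault and used in a rect Blt


def analyze(trace: str) -> Report:
    rep = Report()
    for n, line in enumerate(trace.splitlines(), 1):
        m = BLT_RE.search(line)
        if m:
            dst, srect = parse_rect(m["dst"]), parse_rect(m["srect"])
            if dst is not None or srect is not None:
                rep.rect_blts.append((n, m["iface"], dst, m["src"], srect))
            continue
        m = RELEASE_RE.search(line)
        if m and m["rc"] == "0":
            rep.freed[m["iface"]] = n
            continue
        m = FAULT_RE.search(line)
        if m:
            rep.fault = (n, m["kind"], m["addr"], m["pc"])
            break  # the debugger takes over after this line
    fault_line = rep.fault[0] if rep.fault else float("inf")
    for iface, ln in sorted(rep.freed.items(), key=lambda kv: kv[1]):
        if ln < fault_line and any(iface in (b[1], b[3]) for b in rep.rect_blts):
            rep.suspects.append(iface)
    return rep


if __name__ == "__main__":
    r = analyze(SAMPLE_TRACE)
    for ln, iface, dst, src, srect in r.rect_blts:
        print(f"line {ln}: Blt on {iface} dst={dst} from {src} src={srect}")
    if r.fault:
        ln, kind, addr, pc = r.fault
        print(f"line {ln}: {kind} fault at {addr} (pc {pc}), bytes={ascii_bytes(addr)!r}")
    print("suspect surfaces (freed before fault, used in a rect Blt):", r.suspects)
```

Run it on the full tail of a WINEDEBUG=+ddraw log (pass the file contents to analyze()) to get the same shortlist for a longer trace; the filter is deliberately narrow, so a surface released to refcount 0 that never took part in a rect Blt is not reported.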