https://bugs.winehq.org/show_bug.cgi?id=12964
--- Comment #144 from Furyhunter furyhunter600@gmail.com --- Okay, PSOBB is doing everything it should be doing when loading mips. I was just misunderstanding the logs. Somehow it is clobbering the memory around the pBits received from IDirect3DTexture8_LockRect, which is causing the lpVtbl of the underlying surface interface to become corrupt. I hacked a fix to restore the lpVtbl, but the corruption runs all the way into the struct wined3d_resource associated with the surface and overrides the resource_ops, causing another function pointer call into non-executable memory when unmapping the resource.
For some reason, PSOBB thinks it's getting more memory than it actually is to write texture information at this specific point during loading, and it is writing either before or after the pBits it was given.
Is it possible this is a texture format bug? I'm not sure what to do from here, but I will keep looking into it.
"very simple fix," famous last words...