http://bugs.winehq.org/show_bug.cgi?id=16280
Summary: IDirect3DDevice9::reset() is flawed. Product: Wine Version: 1.1.9 Platform: All OS/Version: other Status: UNCONFIRMED Severity: normal Priority: P2 Component: directx-d3d AssignedTo: wine-bugs@winehq.org ReportedBy: jerome.gardou@laposte.net
I found this bug when tracking down a crash in Supreme commander. This game calls device->reset(), and crashes.
Reading the code there (taken from the line 316 of d3d9/device.c) :
if(pool == WINED3DPOOL_DEFAULT) { IWineD3DResource_GetParent(resource, &parent); if(IUnknown_Release(parent) == 0) { TRACE("Parent %p is an implicit resource with ref 0\n", parent); } else { WARN("Resource %p(wineD3D %p) with pool D3DPOOL_DEFAULT blocks the Reset call\n", parent, resource); ret = S_FALSE; *resources_ok = FALSE; } }
the assumption is made that the ref of parent is 0, which seems correct, but calling getparent calls IUnknown_AddRef, on an already freed object => crash !