http://bugs.winehq.org/show_bug.cgi?id=27439
Windom Earle windomearle@mail.ru changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |windomearle@mail.ru
--- Comment #6 from Windom Earle windomearle@mail.ru 2011-11-01 11:01:26 CDT ---
Looks like that crash occurs there in memcpy:
http://source.winehq.org/source/dlls/wined3d/buffer.c?v=wine-1.3.31#L901
wine-1.3.31 wined3d buffer.c
...
    /* Now for each vertex in the buffer that needs conversion */
    vertices = buffer->resource.size / buffer->stride;

    data = HeapAlloc(GetProcessHeap(), 0, buffer->resource.size);

    while(buffer->modified_areas)
    {
        buffer->modified_areas--;
        start = buffer->maps[buffer->modified_areas].offset;
        len = buffer->maps[buffer->modified_areas].size;
        end = start + len;

        memcpy(data + start, buffer->resource.allocatedMemory + start, end - start);
        for (i = start / buffer->stride; i < min((end / buffer->stride) + 1, vertices); ++i)
        {
            for (j = 0; j < buffer->stride; ++j)
            {
                switch (buffer->conversion_map[j])
                {
                    case CONV_NONE:
                        /* Done already */
                        j += 3;
                        break;
                    case CONV_D3DCOLOR:
                        fixup_d3dcolor((DWORD *) (data + i * buffer->stride + j));
                        j += 3;
                        break;

                    case CONV_POSITIONT:
                        fixup_transformed_pos((float *) (data + i * buffer->stride + j));
                        j += 15;
                        break;
                    default:
                        FIXME("Unimplemented conversion %d in shifted conversion\n", buffer->conversion_map[j]);
                }
            }
        }
...
The reason ... maybe HeapAlloc failed (its result isn't checked in this code)?
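
The allocate-then-memcpy pattern from the quoted loop, with the allocation result and each modified range checked before any byte is copied. This is an added example, not Wine's code and not a patch from the commenter: struct vbuffer, stage_modified_areas, alloc_fn and demo are hypothetical names, malloc stands in for HeapAlloc, and the input is constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-ins for the fields used in the quoted loop; not Wine's definitions. */
struct map_range { size_t offset, size; };
struct vbuffer {
    const uint8_t *memory;        /* role of resource.allocatedMemory */
    size_t size;                  /* role of resource.size */
    struct map_range maps[4];
    unsigned modified_areas;      /* caller keeps this <= 4 */
};
enum stage_status { STAGE_OK = 0, STAGE_NO_MEMORY = -1, STAGE_BAD_RANGE = -2 };
/* Allocator hook so that heap exhaustion can be simulated. */
static void *failing_alloc(size_t n) { (void)n; return NULL; }
static void *(*alloc_fn)(size_t) = malloc;

/* Copy each modified area into a new staging buffer; nothing is written when
 * the allocation fails or a range does not fit inside the buffer. */
static enum stage_status stage_modified_areas(struct vbuffer *b, uint8_t **out)
{
    uint8_t *data;
    unsigned i;
    *out = NULL;
    for (i = 0; i < b->modified_areas; ++i) {
        size_t start = b->maps[i].offset, len = b->maps[i].size;
        if (start > b->size || len > b->size - start)  /* overflow-safe start + len > size */
            return STAGE_BAD_RANGE;
    }
    data = alloc_fn(b->size);
    if (!data)                    /* the check the quoted code does not make */
        return STAGE_NO_MEMORY;
    while (b->modified_areas) {
        const struct map_range *m = &b->maps[--b->modified_areas];
        memcpy(data + m->offset, b->memory + m->offset, m->size);
    }
    *out = data;
    return STAGE_OK;
}

/* Constructed input: a 16-byte buffer with one modified area (offset, size). */
static int demo(size_t offset, size_t size, int simulate_oom)
{
    static const uint8_t src[16] = "0123456789abcde";
    struct vbuffer b = { src, sizeof(src), { { offset, size } }, 1 };
    uint8_t *staged;
    alloc_fn = simulate_oom ? failing_alloc : malloc;
    int rc = stage_modified_areas(&b, &staged);
    if (rc == STAGE_OK && memcmp(staged + offset, src + offset, size) != 0) rc = 1;
    free(staged);
    return rc;
}
```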