http://bugs.winehq.org/show_bug.cgi?id=5451
------- Additional Comments From stefandoesinger@gmx.at 2006-17-06 08:39 -------
I found the reason for this crash, this isn't a refcounting bug.
Diablo uses palettized surfaces with 1 byte per pixel. It accesses the surface with DWORDs, that means it always writes 4 bytes. It isn't careful enough at the end of the surface and writes over the end of the surface.
For that reason the old ddraw code allocated 4 extra bytes for a surface, the same happens in WineD3D. However, the gdi surface code drops the full power of 2 size to save memory and doesn't add the 4 extra bytes. I will send a patch for that to wine-patches.
However, the old directdraw code used an unofficial function for dib creation to create a DIB section for already allocated memory which is 4 bytes bigger. WineD3D uses the official CreateDIBSection function which allocates its own memory and ignores the size value passed to it, so even with the +4 byte fix the crash still occurs. I have to discuss the best way to solve this with Alexandre. Possible solutions are:
* Use the unofficial function in wined3d and allocate the memory manually
* Modify the dib code to allocate 4 more bytes (see the hack)
* Modify the dib code to respect the size passed to it (bad idea maybe)
The hack I attached to this bug fixes the crash. However, after it the screen stays completely black. I can hear the sound and it seems to react to input, but the screen isn't updated, although Diablo 1 writes to the front buffer.
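
The overrun described in the comment above, as an added example that is not part of the original comment or of Wine's code: a DWORD store at the last pixel of an 8-bit surface is modelled inside a larger arena with canary bytes, once with an exact-size allocation and once with 4 bytes of slack. The function names, the 640x480 size and the assumption that the store starts at the last pixel are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CANARY 0xA5
#define GUARD  8   /* canary bytes placed after the surface (constructed) */

/* Bytes an 8-bit palettized surface needs, plus optional slack. */
static size_t surface_size(unsigned pitch, unsigned height, size_t slack)
{
    return (size_t)pitch * height + slack;
}

/* Hypothetical model of the application: always store a full 4-byte DWORD,
 * even when the target is a single 1-byte pixel. */
static void dword_store(uint8_t *surface, size_t offset, uint32_t value)
{
    memcpy(surface + offset, &value, sizeof(value));
}

/* Number of canary bytes clobbered when a DWORD is stored at the last pixel
 * of a surface allocated with `slack` extra bytes (-1 on allocation failure).
 * The arena is larger than the surface, so the demo itself never writes
 * outside memory it owns. */
static int overrun_bytes(unsigned pitch, unsigned height, size_t slack)
{
    size_t size = surface_size(pitch, height, slack);
    uint8_t *arena = malloc(size + GUARD);
    int clobbered = 0;

    if (!arena)
        return -1;
    memset(arena, 0, size);
    memset(arena + size, CANARY, GUARD);
    dword_store(arena, (size_t)pitch * height - 1, 0x01020304u);
    for (size_t i = 0; i < GUARD; i++)
        if (arena[size + i] != CANARY)
            clobbered++;
    free(arena);
    return clobbered;
}

int main(void)
{
    printf("exact size: %d bytes past the end\n", overrun_bytes(640, 480, 0));
    printf("+4 slack:   %d bytes past the end\n", overrun_bytes(640, 480, 4));
    return 0;
}
```

The slack only helps if the allocator honours the requested size, which is why the comment notes that the +4 fix alone does not stop the crash when CreateDIBSection allocates its own memory.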