14 Jan
2006
14 Jan
'06
2:54 p.m.
James Trotter wrote:
0x007ab8e6: pushl %eax 0x007ab8e7: call *0x8(%edx) 0x007ab8ea: movl %ebp,0x8(%esi) 0x007ab8ed: movl 0x4(%esi),%eax 0x007ab8f0: pushl %eax 0x007ab8f1: movl 0x0(%eax),%ecx
This very much looks like a use-after-free bug. The first two instructions are probably a COM *_Release call. Judging by the fact that this is a regression I would also guess that it is a Wine object. Also, by knowing that it is a game it is probably a DirectDraw, Direct3D or DirectSound object. Try turning on tracing for these and seeing what it turns up. If you see a decrement to 0 just before the crash then the theory is probably correct.
--
Rob Shearman