Hello!
One of games rarely crashed with segv in line 86 of dsound/buffer.c:
85: IDirectSoundBuffer_Release((LPDIRECTSOUNDBUFFER)This->dsb);
86: This->dsb->notify = NULL;
(sorry, I failed to save actual backtrace at the time). This looks
like typical assign-after-free bug. I've applied attached patch
(wine-1.1.7, now on 1.1.19), no crashes so far (btw, similar
*Secodary*Release method down in code uses proper order -
assign-NULL-then-release).
--- wine-1.1.7/dlls/dsound/buffer.c.orig 2009-03-14 15:28:10.000000000 +0300
+++ wine-1.1.7/dlls/dsound/buffer.c 2009-04-23 19:50:42.000000000 +0400
@@ -82,8 +82,8 @@ static ULONG WINAPI IDirectSoundNotifyImpl_Release(
TRACE("(%p) ref was %d\n", This, ref + 1);
if (!ref) {
- IDirectSoundBuffer_Release((LPDIRECTSOUNDBUFFER)This->dsb);
This->dsb->notify = NULL;
+ IDirectSoundBuffer_Release((LPDIRECTSOUNDBUFFER)This->dsb);
HeapFree(GetProcessHeap(), 0, This);
TRACE("(%p) released\n", This);
}
