Hard-hitting crash in CRenderWareSA::RwTexDictionaryRemoveTexture

[Dutchman101]

Describe the bug

This crash is currently the top #1 according to our crash stats.

Module = C:\Program Files (x86)\MTA San Andreas 1.6\mta\game_sa.dll
Code = 0xC0000005
Offset = 0x00068096

EAX=0000003E  EBX=00000000  ECX=7E1223F0  EDX=580308F0  ESI=580308F0
EDI=7C0128D8  EBP=0177EE34  ESP=0177EE34  EIP=6D0F8096  FLG=00210202
CS=0023   DS=002B  SS=002B  ES=002B   FS=0053  GS=002B

Line of crash:
CRenderWareSA.cpp#L636

Stack trace:

0177ee34 6d0f3bed     26e3e914 580308f0 1a409800 game_sa!CRenderWareSA::RwTexDictionaryRemoveTexture+0x6
0177ee84 6c0c3b26     670265a0 99609d85 1a409800 game_sa!CRenderWareSA::ModelInfoTXDRemoveTextures+0x9d
0177eeac 6c0c3d4b     306eefa0 0177eee0 6c0dca98 client!CClientTXD::~CClientTXD+0x46
0177eeb8 6c0dca98     00000001 1a6bed20 1a6bed20 client!CClientTXD::`scalar deleting destructor'+0xb
0177eee0 6c113061     99609c2d 19087bc8 1a6bed20 client!CElementDeleter::DoDeleteAll+0x28
0177ef04 6c08c812     99609c01 1a409768 19087bc8 client!CResourceManager::~CResourceManager+0x51
0177ef28 6c0722d3     99609ca5 0177f000 1a409768 client!CClientManager::~CClientManager+0x62
0177ef8c 6c03c988     018a5280 6f441157 0177f284 client!CClientGame::~CClientGame+0x6f3
0177ef94 6f441157     0177f284 6f405691 44bd5fe8 client!CClient::ClientShutdown+0x58
0177ef9c 6f405691     44bd5fe8 0177f284 00003051 core!CModManager::Unload+0x97
0177efec 6f3db3d0     00000001 6f3dd5da 0177f000 core!CCore::Quit+0x221
0177eff4 6f3dd5da     0177f000 0177f000 0177f29d core!CCommandFuncs::Exit+0x10
0177f20c 6f3e51ea     0177f284 0177f29c 00000000 core!CCommands::Execute+0x15a
0177f2dc 6ce8a42b     182c4c78 0177f434 0177f304 core!CConsole::Edit_OnTextAccepted+0x46a
0177f2ec 6cf0d473     0177f434 19081390 6d03cd40 cgui!CGUIEdit_Impl::Event_OnKeyDown+0x9b
0177f304 6ceddf60     0177f434 17e0b100 0177f434 cgui!CEGUI::Event::operator()+0x33
0177f328 6ceb25c9     6d03cd40 0177f434 6d03b4e8 cgui!CEGUI::EventSet::fireEvent+0x60
0177f33c 6cebfe0f     0177f434 b433d423 0a8c7388 cgui!CEGUI::Window::onKeyDown+0x19
0177f41c 6cee5d88     0177f434 b433d467 0a8c4540 cgui!CEGUI::Editbox::onKeyDown+0x3f
0177f458 6ce9c6e4     0000001c 0177f694 6f42105a cgui!CEGUI::System::injectKeyDown+0xa8
0177f464 6f42105a     0000001c 00000001 001c0001 cgui!CGUI_Impl::ProcessKeyboardInput+0x14
0177f694 6f43fb23     0016027e 00000100 0000000d core!CLocalGUI::ProcessMessage+0xda
0177f710 775d7943     0016027e 00000100 0000000d core!CMessageLoopHook::ProcessMessage+0xa43
0177f73c 775c601d     6f43f0e0 0016027e 00000100 user32!_InternalCallWinProc+0x2b
0177f844 775c578a     6f43f0e0 00000000 00000100 user32!UserCallWinProcCheckWow+0x49d
0177f8a4 77c83664     995d5890 017c0000 0a852ecc user32!CallWindowProcW+0x10a
0177f934 77270c92     00000002 001c0001 77270940 ntdll!RtlpFreeNTHeapInternal+0x6c1
0177faac 00000000     0177fab8 6813e7e2 00000000 msctf!CTextInputClientWrapper::OnKeyEvent+0x352

Full dump analysis: https://pastebin.com/dXsGJ68Y

Version

Client: 1.6.0-r22951

[TheNormalnij]

It's possible that engineSetModelTXDID breaks references counter and the game unloads old textures.