https://bugs.winehq.org/show_bug.cgi?id=55918 Bug ID: 55918 Summary: printf() can overrun the "p10s" buffer with certain values when using 24-bit precision Product: Wine Version: 8.20 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs(a)winehq.org Reporter: z.figura12(a)gmail.com Distribution: --- Spore, for some reason, sets 24-bit precision on a thread, and when I tried to enable +d3d, I found that thread crashed with an integer division by zero. The actual floating point value that triggered the crash is (double) 9.9999982118606567e-01. The cause is this: * the log10() call in pf_output_fp() receives 999999940 as an argument * it returns 9.0, which is... not really correct * this value is later used to index the p10s array, which is only of length 9 * 0 happens to be the next integer in memory A quick test suggests that, at least for i386 ucrtbase, native log10() does not return 9.0, but 8.9999999739423302, which IIRC is the precise value. So that's... possibly the correct fix. There may also be a less error-prone and even more efficient way to do that base-10 logarithm. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.