Re: [PATCH v5 0/4] MR406: win32u: Introduce new add_modes device manager callback.
Zhiyi Zhang (@zhiyi) commented about dlls/win32u/sysparams.c:
#undef query_mode_field
+ ret = query_reg_value( hkey, driver_extraW, value, sizeof(value_buf) ) && + value->Type == REG_BINARY; + if (ret && value->DataLength <= mode->dmDriverExtra) + memcpy( mode + 1, value->Data, mode->dmDriverExtra );
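Review bot: The memcpy at the end of the hunk copies mode->dmDriverExtra bytes, but the guard before it only establishes value->DataLength <= mode->dmDriverExtra. When the registry value is shorter than dmDriverExtra, the copy reads past the end of value->Data. Copy value->DataLength bytes instead, as in `memcpy( mode + 1, value->Data, value->DataLength );`. The write to mode + 1 also assumes the caller has dmDriverExtra bytes of storage after the structure that mode points to. Nothing in these lines checks that, so either document it as a precondition for callers or clear dmDriverExtra on paths where a single structure is passed in.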
Hi, Rémi. This is causing a new Coverity report. In NtUserChangeDisplaySettings(), default_mode is passed to read_registry_settings(), which eventually calls read_adapter_mode() and then writes to the mode + 1. This is out-of-bounds access because default_mode is not an array. I think the correct fix is to not set dmDriverExtra for ENUM_REGISTRY_SETTINGS.

--
https://gitlab.winehq.org/wine/wine/-/merge_requests/406#note_5410
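The failure mode described in the comment above, shown as an added example that is not part of the original message or of Wine's code: a header struct with optional trailing bytes is only safe to fill when the reader knows how much storage the caller really has. `struct mode_hdr`, `read_mode_checked` and the sample data are hypothetical stand-ins, and clearing the length field is one defensive option assumed here, not the fix proposed in the merge request.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for a DEVMODEW-style header (constructed for this
 * example): extra_len plays the role of dmDriverExtra. */
struct mode_hdr {
    unsigned short size;
    unsigned short extra_len;
    unsigned int   width, height;
};

static const unsigned char sample_extra[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */

/* Hypothetical hardened reader: mode_capacity is the number of bytes that
 * really exist at `mode`. Returns bytes of extra data written, or -1 when
 * even the header does not fit. */
int read_mode_checked(struct mode_hdr *mode, size_t mode_capacity,
                      const unsigned char *reg_data, size_t reg_len)
{
    size_t room;
    if (mode_capacity < sizeof(*mode)) return -1;
    room = mode_capacity - sizeof(*mode);
    if (reg_len > room || reg_len > mode->extra_len) {
        mode->extra_len = 0;          /* no trailing storage: report none */
        return 0;
    }
    memcpy(mode + 1, reg_data, reg_len);   /* length of the source, not the field */
    mode->extra_len = (unsigned short)reg_len;
    return (int)reg_len;
}

/* The case from the review: one struct on the stack, stale extra_len. */
int demo_bare_struct(void)
{
    struct mode_hdr m = { sizeof(struct mode_hdr), 8, 1024, 768 };
    int n = read_mode_checked(&m, sizeof(m), sample_extra, sizeof(sample_extra));
    return n == 0 && m.extra_len == 0;
}

/* A caller that really allocated header plus extra bytes. */
int demo_with_room(void)
{
    size_t cap = sizeof(struct mode_hdr) + sizeof(sample_extra);
    struct mode_hdr *m = calloc(1, cap);
    int ok;
    if (!m) return 0;
    m->size = sizeof(*m);
    m->extra_len = sizeof(sample_extra);
    ok = read_mode_checked(m, cap, sample_extra, sizeof(sample_extra)) == 8
         && memcmp(m + 1, sample_extra, sizeof(sample_extra)) == 0;
    free(m);
    return ok;
}
```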