Jacek Caban (@jacek) commented about dlls/opengl32/unix_wgl.c:

+ + if (!(extensions = malloc( size * sizeof(*extensions) + (ptr - str) ))) return; + + for (out = (char *)&extensions[size], ptr = str; *ptr; out++, ptr++) { - if (*ext == ' ') - { - *ext = 0; - extensions[count++] = ext + 1; - } - ext++; + if (ptr == str || ptr[-1] == ' ') extensions[count++] = out; + *out = *ptr == ' ' ? 0 : *ptr; } - assert( count + ARRAYSIZE(legacy_extensions) - 1 == size ); + if (ptr != str) *out = 0; This may overflow the allocated buffer.

-- https://gitlab.winehq.org/wine/wine/-/merge_requests/9362#note_121049