On Thu Nov 6 11:38:17 2025 +0000, Paul Gofman wrote:

If I have to guess, this part looks suspicious: ``` ret = mach_vm_region( process_port, ®ion_address, ®ion_size, VM_REGION_BASIC_INFO_64, (vm_region_info_t)&info, &info_count, &object_name ); ``` ((vm_region_info_t)&info). That seems like the parameter which address on stack is below our 'written' (so writing past it can do this), and it is suspiciously casted. The cast there is how the API is supposed to be used, but this is indeed where the stack is getting smashed.

-- https://gitlab.winehq.org/wine/wine/-/merge_requests/8834#note_121019