The function `validate_fmt` may receive a pointer which got just reserved memory for the `WAVEFORMATEX`. Unfortunately the assignment `fmt2 = *fmt` always copies the size of `WAVEFORMATEXTENSIBLE`. CC: @giomasce (I currently cannot point to a specific commit, but this may also be related to the recent changes?) <details> <summary>ASan details [gitlab CI](https://gitlab.winehq.org/bernhardu/wine/-/jobs/237050#L2464)</summary> ``` ==qcap_test.exe==728==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x0022c122 at pc 0x785f4342 bp 0x0022bf4c sp 0x0022bb1c READ of size 40 at 0x0022c122 thread T0 #0 0x785f4341 in __asan_memcpy /home/runner/work/llvm-mingw/llvm-mingw/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:65:3 #1 0x778957a5 in validate_fmt /builds/bernhardu/wine/build64/../dlls/mmdevapi/client.c:363:33 #2 0x77896d1e in client_IsFormatSupported /builds/bernhardu/wine/build64/../dlls/mmdevapi/client.c:881:10 #3 0x783e3624 in IAudioClient_IsFormatSupported /builds/bernhardu/wine/build64/include/audioclient.h:406:12 #4 0x783e5cd7 in WINMM_TestFormat /builds/bernhardu/wine/build64/../dlls/winmm/waveform.c:454:10 #5 0x783e5928 in WINMM_GetSupportedFormats /builds/bernhardu/wine/build64/../dlls/winmm/waveform.c:504:14 #6 0x783e553b in WINMM_InitMMDevice /builds/bernhardu/wine/build64/../dlls/winmm/waveform.c:524:35 #7 0x783e4e9b in WINMM_EnumDevices /builds/bernhardu/wine/build64/../dlls/winmm/waveform.c:610:17 #8 0x783d30e8 in WINMM_InitMMDevices /builds/bernhardu/wine/build64/../dlls/winmm/waveform.c:856:10 #9 0x7be4a996 in RtlRunOnceExecuteOnce /builds/bernhardu/wine/build64/../dlls/ntdll/sync.c:462:10 ... Address 0x0022c122 is located in stack of thread T0 at offset 34 in frame #0 0x783e5c0f in WINMM_TestFormat /builds/bernhardu/wine/build64/../dlls/winmm/waveform.c:442 This frame has 2 object(s): [16, 34) 'fmt' (line 443) <== Memory access at offset 34 overflows this variable [80, 84) 'junk' (line 443) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp, SEH and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-buffer-overflow /builds/bernhardu/wine/build64/../dlls/mmdevapi/client.c:363:33 in validate_fmt ``` </details> -- v4: mmdevapi: Avoid copying more memory than reserved in validate_fmt (ASan). https://gitlab.winehq.org/wine/wine/-/merge_requests/10326