If GetProcAddress16 is called with a name longer than 255 characters, the strcpy in NE_GetOrdinal would overflow. I wrote a small test program to confirm that Windows does not crash if 16-bit GetProcAddress is called with an impossibly long function name: ```c /* Compile with Open Watcom: owcc proc16.c -bwindows -o proc16.exe */ #include <windows.h> #include <string.h> #include <stdio.h> int main(void) { char name[300]; HMODULE gdi = LoadLibrary("gdi.exe"); memset(name, 'A', sizeof(name) - 1); name[sizeof(name) - 1] = 0; printf("%p\n", GetProcAddress(gdi, name)); return 0; } ``` The bug was identified by Cursor, which is a mix of LLM models. I wrote the fix myself. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/11049