https://bugs.winehq.org/show_bug.cgi?id=40810
--- Comment #34 from Dmitry Timoshkov dmitry@baikal.ru ---
Created attachment 54947
  --> https://bugs.winehq.org/attachment.cgi?id=54947
patch3

Here is another patch for testing; other patches should not be applied.
After looking at the attached backtraces once again I've created a test case that passes invalid arguments to GdipDrawString in a way similar to how the app (mis)uses the API. To my surprise the test was always crashing under Windows (both 32 and 64-bit builds). Then I added another step - wrapped the crashing logic in the EnumMetafile API, assuming that it may have an exception handler around the called application-provided callback: that test was also crashing. Then I've wrapped the crashing test in the window procedure, and that worked, but only for WM_PAINT messages (and the backtrace shows a crash in the WM_PAINT handler). As another step I've added a test that calls CallWindowProcA/W, SendMessageA/W and DispatchMessageA/W in a loop with messages from 0 to 0x1000 with a window procedure intentionally crashing on a NULL pointer. In my tests there are 2 things that survive the crashes in the window procedure: CreateWindowEx and DispatchMessageA/W(WM_PAINT).
So it looks like the crashes were left unnoticed by an application developer because Windows silently handles them during WM_PAINT message dispatching.
Please let me know the results with only this patch applied.