http://bugs.winehq.org/show_bug.cgi?id=10347
--- Comment #18 from Nikolay Sivov bunglehead@gmail.com 2009-10-13 10:16:59 --- (In reply to comment #17)
I remember I've done some more testing (however, I haven't made a patch out of that) and AFAIR the check is only in TTM_ADDTOOLW (not TTM_ADDTOOLA) and only fails on 'size > sizeof(TTTOOLINFO)' (as a side effect, the boundary value is different in comctl32 v5.82 and comctl32 v6)
I've tried with TTM_ADDTOOLW and results show we need only a single "< sizeof()" condition cause it doesn't fail for (TTTOOLINFOW_V1_SIZE + 1) case. TTTOOLINFOW_V3_SIZE only available for v6 as I can see, so you're right about that. Anyway application sends some crap as message parameter, but we can't use cbSize field as a filter.