http://bugs.winehq.org/show_bug.cgi?id=19986
--- Comment #13 from Tel lists@lnx-bsp.net 2010-01-06 01:52:36 ---
Trying with wine 1.1.35 gives similar bogus values in trace:

warn:font:CreateFontIndirectW orientation angle 208225028.600000 set to escapement angle 136615.600000 for new font 0x1e18a8
trace:font:CreateFontIndirectW (-11 131150 1366156 2082250286 0 36 df 51 12) L"MS Sans Serif" Italic Underline => 0x21d0

lfHeight = -11
lfWidth = 131150
lfEscapement = 1366156
lfOrientation = 2082250286
lfPitchAndFamily = 0x0
lfOutPrecision = 36
lfClipPrecision = 0xdf
lfQuality = 51
lfCharSet = 12

Strangely, not the same values as before and when I retry the program the numbers are similar but not consistent. Unfortunately this is a partly interactive program and it updates "workspace" files making it difficult to get a completely consistent result.
Good news that it does *NOT* crash out in wine 1.1.35 but that may be a fluke. There is some on-screen font corruption but only in window decoration... I can live with that. I am starting to think this application program is using uninitialized memory or something similar.
I tried going back to the version I was using before (1.1.29) and the crash came back, but the width is also back to 65592 under 1.1.29 so I cannot explain why the program gives different numbers under different wine versions (perhaps DLL changes affect the stack memory and the application does not clear the stack when it should). Comparing the wine source code for CreateFontIndirectW shows some changes between the two versions so maybe these are protecting the system somehow (but there is no obvious bounds-checking code so quite likely the protection is accidental).
I still suggest that there is a loophole in wine for badly behaved EXE programs to inject bogus parameters into CreateFontIndirectW() and generate outrageous glyph sizes in X11, and there is evidence that at least some existing Win-XP applications will behave in this manner.
However, my problem is solved for the time being, thanks for your interest.
I would be curious to know what the original poster could find with
export WINEDEBUG=+xrender,+font,+synchronous
and checking closely lines containing CreateFontIndirect ...
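
As an added example (not part of the comment above and not Wine's code): a small Python triage script that parses `trace:font:CreateFontIndirectW` lines in the format quoted in this thread and flags LOGFONT fields outside plausible ranges. The limits and the second sample line are assumptions constructed for illustration.

```python
import re

# Field order and hex/decimal split follow the decoding given in the comment above.
FIELDS = ("lfHeight", "lfWidth", "lfEscapement", "lfOrientation", "lfPitchAndFamily",
          "lfOutPrecision", "lfClipPrecision", "lfQuality", "lfCharSet")
HEX_FIELDS = {"lfPitchAndFamily", "lfClipPrecision"}
TRACE_RE = re.compile(r'trace:font:CreateFontIndirectW \(([^)]*)\)\s+L"([^"]*)"')

# Assumed triage limits, not checks that Wine performs.
MAX_DIM = 4096           # assumption: larger heights/widths are not real UI fonts
MAX_ANGLE = 3600         # angles are in tenths of a degree; one full turn
MAX_OUT_PRECISION = 10   # highest documented OUT_* value (OUT_PS_ONLY_PRECIS)
MAX_QUALITY = 6          # highest documented quality (CLEARTYPE_NATURAL_QUALITY)

def parse_trace(line):
    """Return the LOGFONT fields of one trace line as a dict, or None."""
    m = TRACE_RE.search(line)
    if not m:
        return None
    tokens = m.group(1).split()
    if len(tokens) != len(FIELDS):
        return None
    try:
        font = {n: int(t, 16 if n in HEX_FIELDS else 10) for n, t in zip(FIELDS, tokens)}
    except ValueError:
        return None
    font["face"] = m.group(2)
    return font

def suspicious_fields(font):
    """Names of fields whose values fall outside the assumed limits."""
    bad = [n for n in ("lfHeight", "lfWidth") if abs(font[n]) > MAX_DIM]
    bad += [n for n in ("lfEscapement", "lfOrientation") if abs(font[n]) > MAX_ANGLE]
    if not 0 <= font["lfOutPrecision"] <= MAX_OUT_PRECISION:
        bad.append("lfOutPrecision")
    if not 0 <= font["lfQuality"] <= MAX_QUALITY:
        bad.append("lfQuality")
    return bad

def scan(lines):
    """Return (face, suspicious field names) for every trace line that looks bogus."""
    fonts = (parse_trace(line) for line in lines)
    return [(f["face"], suspicious_fields(f)) for f in fonts if f and suspicious_fields(f)]

PAGE_LINE = ('trace:font:CreateFontIndirectW (-11 131150 1366156 2082250286 0 36 df 51 12) '
             'L"MS Sans Serif" Italic Underline => 0x21d0')   # from the comment above
SANE_LINE = 'trace:font:CreateFontIndirectW (-11 0 0 0 22 0 0 0 0) L"Tahoma" => 0x21d4'  # constructed

if __name__ == "__main__":
    for face, bad in scan([PAGE_LINE, SANE_LINE]):
        print(face, "->", ", ".join(bad))
```

Feeding it the output of a run with `WINEDEBUG=+font` (for example via `scan(open(path))`) lists only the calls whose parameters look uninitialized.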