http://bugs.winehq.org/show_bug.cgi?id=20851
Dan Kegel dank@kegel.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Component|-unknown |gdi32 Summary|Read buffer overflow in |Read buffer overflow in |CombineRgn, triggered by |CombineRgn, triggered by |imm32/tests/imm32.c |user32 and imm32 tests
--- Comment #1 from Dan Kegel dank@kegel.com 2009-11-28 01:44:04 --- Also seen in four user32 tests, e.g. http://kegel.com/wine/valgrind/logs/2009-11-27-12.53/vg-user32_menu.txt The command valgrind --trace-children=yes wine user32_test.exe.so menu.c reproduces the problem about half the time. Looks like someone just forgot to test a limit.
Patch sent, http://www.winehq.org/pipermail/wine-patches/2009-November/081856.html