http://bugs.winehq.org/show_bug.cgi?id=6677

------- Additional Comments From samuel.howard.dennis@gmail.com 2006-13-11 12:42 ------- It does use the dynamic buffer when FieldLength is greater than 40, I wasn't arguing that it didn't. That's not the buffer it tries to free though.

FieldLength is only set from the formatting string, conversion has no effect on it and you test before converting anyway.

sprintf(buffer, "%.50d", 1) and sprintf(buffer, "%.50I64d", 1) (into a buffer of sufficient size to theoretically hold the result) demonstrate the problems quite well unless you think that this is normal output:

err:seh:setup_exception nested exception on signal stack in thread 001d eip 7efd39f5 esp 7ffddbf0 stack 0x231000-0x340000

The code is, I'm afraid to say, just obviously wrong.