http://bugs.winehq.org/show_bug.cgi?id=4298

--- Comment #3 from Chris chris.kcat@gmail.com 2008-01-04 23:25:32 --- If someone were to call gdi32.dll's Escape function, purposely passing a NULL pointer as the last argument for GETPHYSPAGESIZE, GETPRINTINGOFFSET, or GETSCALINGFACTOR, it could cause a NULL dereference. However, the problem with the metafile parsing doing it seems to be fixed.