http://bugs.winehq.org/show_bug.cgi?id=8936
--- Comment #20 from Konstantin Svist fry.kun@gmail.com 2007-12-21 04:38:37 ---
Well, waiting for others to fix it got boring, so I traced the problem myself. Took me a large chunk of the day, but it was worth it :D
Here's the problem, not sure what the convention is for going about a solution...
dlls/wintab32/context.c:DUMPBITS (line 83) can create strings up to 162 (or so) characters in length. Second, DUMPCONTEXT (line 125) only creates 100-byte strings for temporary data. Data is written outside of allocated space... and BOOM!
A most naive fix is to set all the temp strings to something longer, say 200 characters. But then, someone might add more flags to DUMPBITS (?) - and you hit this problem again. A better fix is to have DUMPBITS create its own string - but it still needs to be managed (i.e. if more info is added to the string, the programmer needs to remember to update the buffer size). Calculating the size on the fly is probably overkill, though - so I've implemented the 2nd approach.
If there's a convention about fixing these, please let me know ;)
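The defect described in the comment is a classic fixed-size temporary buffer being filled by a helper whose output length depends on how many flag names it knows. The following is an added example, not Wine's code and not the patch the commenter wrote: it shows one way to make such a flag dumper safe by construction, with the buffer size derived from the flag table and truncation reported to the caller instead of overrunning the stack. The flag names and values (OPT_*) and the function names are constructed placeholders for this example, not wintab32's real identifiers.

```c
#include <stdio.h>
#include <string.h>

/* Constructed flag table for this example (placeholder names and values,
 * not wintab32's real context-option flags). Adding a row here automatically
 * grows the worst-case buffer size computed by dump_bits_max_len(). */
typedef struct {
    unsigned int bit;
    const char  *name;
} flag_name;

static const flag_name option_names[] = {
    { 0x0001, "OPT_SYSTEM" },
    { 0x0002, "OPT_PEN" },
    { 0x0004, "OPT_MESSAGES" },
    { 0x0008, "OPT_CSRMESSAGES" },
    { 0x4000, "OPT_MGNINSIDE" },
    { 0x8000, "OPT_MARGIN" },
};
#define N_OPTIONS (sizeof(option_names) / sizeof(option_names[0]))

/* Worst-case length of dump_bits() output, including the terminating NUL:
 * every name set, one '|' between names, plus "|0x" and up to 8 hex digits
 * for bits the table does not know. Derived from the table, so nobody has to
 * remember to bump a hand-tuned constant when a flag is added. */
size_t dump_bits_max_len(void)
{
    size_t len = 0;
    for (size_t i = 0; i < N_OPTIONS; i++)
        len += strlen(option_names[i].name) + 1;  /* name + '|' (or final NUL) */
    return len + strlen("|0x") + 8;
}

/* Bounded formatter: never writes past out[cap-1], always NUL-terminates when
 * cap > 0, and returns the length the full string needs (snprintf convention),
 * so the caller detects truncation with ret >= cap instead of corrupting memory. */
size_t dump_bits(char *out, size_t cap, unsigned int value)
{
    size_t needed = 0, pos = 0;
    unsigned int known = 0;
    int first = 1;

    if (cap) out[0] = '\0';

    for (size_t i = 0; i < N_OPTIONS; i++) {
        known |= option_names[i].bit;
        if (!(value & option_names[i].bit)) continue;
        const char *sep = first ? "" : "|";
        first = 0;
        /* Account for the chunk even when there is no room left to store it. */
        needed += strlen(sep) + strlen(option_names[i].name);
        if (pos < cap) {
            int n = snprintf(out + pos, cap - pos, "%s%s", sep, option_names[i].name);
            if (n < 0) return needed;
            pos += (size_t)n;
            if (pos > cap) pos = cap;  /* truncated; snprintf already NUL-terminated */
        }
    }

    unsigned int unknown = value & ~known;
    if (unknown) {
        const char *sep = first ? "" : "|";
        int n = snprintf(NULL, 0, "%s0x%x", sep, unknown);  /* length only */
        if (n < 0) return needed;
        needed += (size_t)n;
        if (pos < cap)
            snprintf(out + pos, cap - pos, "%s0x%x", sep, unknown);
    }
    return needed;
}

/* Caller side. The temp buffer here is deliberately smaller than
 * dump_bits_max_len() so the truncation path is exercised; a real caller would
 * size it from dump_bits_max_len() (or allocate it) and never truncate.
 * Returns 1 when the flag list was truncated, 0 otherwise. */
#define DUMP_BUF_SIZE 64

int dump_context(unsigned int options, char *line, size_t line_cap)
{
    char bits[DUMP_BUF_SIZE];
    size_t need = dump_bits(bits, sizeof bits, options);
    int truncated = need >= sizeof bits;
    snprintf(line, line_cap, "options=0x%x (%s%s)", options, bits,
             truncated ? "..." : "");
    return truncated;
}

int main(void)
{
    char line[160];
    int t = dump_context(0x0003, line, sizeof line);
    printf("%s truncated=%d max_len=%zu\n", line, t, dump_bits_max_len());
    return 0;
}
```

The key design choice is the snprintf-style return value: the helper reports how much space it needed regardless of how much it got, so a caller that sizes its temporary buffer from `dump_bits_max_len()` can assert `need < sizeof buf` during development, and a caller that cannot can at least detect and flag truncation rather than overrun.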