http://bugs.winehq.org/show_bug.cgi?id=20851
Summary: Read buffer overflow in CombineRgn, triggered by imm32/tests/imm32.c
Product: Wine
Version: 1.1.33
Platform: PC
OS/Version: Linux
Status: NEW
Keywords: download, source, testcase
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: dank@kegel.com
http://kegel.com/wine/valgrind/logs/2009-11-18-21.51/vg-imm32_imm32.txt through http://kegel.com/wine/valgrind/logs/2009-11-27-12.53/vg-imm32_imm32.txt have the warning
Invalid read of size 4
   at REGION_SubtractO (region.c:2219)
   by REGION_RegionOp (region.c:1776)
   by REGION_SubtractRegion (region.c:2258)
   by CombineRgn (region.c:1376)
   by NC_DoNCPaint (nonclient.c:1022)
   by NC_HandleNCPaint (nonclient.c:1117)
   by DEFWND_DefWinProc (defwnd.c:303)
   by DefWindowProcA (defwnd.c:914)
   by ??? (library.h:159)
   by call_window_proc (winproc.c:469)
   by WINPROC_CallProcWtoA (winproc.c:1279)
   by WINPROC_call_window (winproc.c:2216)
   by call_window_proc (message.c:1635)
   by send_message (message.c:2482)
   by SendMessageW (message.c:2605)
   by send_ncpaint (painting.c:665)
   by BeginPaint (painting.c:871)
   by DEFWND_DefWinProc (defwnd.c:428)
   by DefWindowProcA (defwnd.c:914)
   by ??? (library.h:159)
 Address 0x7f082810 is 0 bytes after a block of size 32 alloc'd
   at notify_alloc (heap.c:247)
   by RtlAllocateHeap (heap.c:1697)
   by init_region (region.c:492)
   by REGION_RegionOp (region.c:1666)
   by REGION_UnionRegion (region.c:2094)
   by REGION_UnionRectWithRegion (region.c:1260)
   by ExtCreateRegion (region.c:1073)
   by get_update_region (painting.c:549)
   by send_ncpaint (painting.c:621)
   by BeginPaint (painting.c:871)
   by DEFWND_DefWinProc (defwnd.c:428)
   by DefWindowProcA (defwnd.c:914)
   by ??? (library.h:159)
   by call_window_proc (winproc.c:469)
   by WINPROC_call_window (winproc.c:2223)
   by DispatchMessageA (message.c:3089)
   by msg_spy_pump_msg_queue (imm32.c:81)
   by msg_spy_flush_msgs (imm32.c:88)
   by msg_spy_init (imm32.c:118)
   by init (imm32.c:173)
This is likely a very old problem.
Dan Kegel dank@kegel.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Component|-unknown                    |gdi32
           Summary|Read buffer overflow in     |Read buffer overflow in
                  |CombineRgn, triggered by    |CombineRgn, triggered by
                  |imm32/tests/imm32.c         |user32 and imm32 tests
--- Comment #1 from Dan Kegel dank@kegel.com 2009-11-28 01:44:04 ---
Also seen in four user32 tests, e.g.
http://kegel.com/wine/valgrind/logs/2009-11-27-12.53/vg-user32_menu.txt
The command
  valgrind --trace-children=yes wine user32_test.exe.so menu.c
reproduces the problem about half the time. Looks like someone just forgot to test a limit.
Patch sent, http://www.winehq.org/pipermail/wine-patches/2009-November/081856.html
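Added example, not Wine's region.c and not part of this report: a constructed C model of the bug class the comment above describes, a two-cursor walk over sorted spans where the cursor on the second list is advanced without testing that list's end. The `span` type, the bounds-counting `span_at` accessor, the sample data and all function names are assumptions made here to keep the demonstration self-contained; the accessor counts the out-of-bounds read instead of dereferencing it, standing in for what valgrind reports as "0 bytes after a block". Note that the result is identical with and without the limit test, which is why such a bug can survive a test suite and only show up under valgrind.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed illustration of the "forgot to test a limit" bug class.
 * NOT Wine's region.c: one band of two regions is modelled as sorted,
 * non-overlapping half-open x-spans [left, right), and B is cut out of A. */
typedef struct { int left, right; } span;

/* Bounds-checked view of a span array. A read past the end is counted rather
 * than dereferenced, and a sentinel stands in for whatever bytes follow the
 * allocation (assumption: real heap garbage could be any value). */
typedef struct { const span *p; size_t n; int oob_reads; } span_list;

static span span_at(span_list *l, size_t i)
{
    span junk = { INT_MAX, INT_MAX };
    if (i >= l->n) { l->oob_reads++; return junk; }
    return l->p[i];
}

/* out = A - B. Returns the number of spans written (at most out_cap).
 * With check_limit == 0 the cursor over B is advanced past B's end while
 * the current A span still has room: the missing limit test. */
static size_t subtract_spans(span_list *A, span_list *B, span *out,
                             size_t out_cap, int check_limit)
{
    size_t a, b = 0, n = 0;
    for (a = 0; a < A->n; a++) {
        span sa = A->p[a];
        int left = sa.left;
        /* B spans that end before this A span starts cannot affect it. */
        while (b < B->n && B->p[b].right <= left) b++;
        for (;;) {
            span sb;
            if (check_limit && b >= B->n) break;   /* the limit test */
            sb = span_at(B, b);
            if (sb.left >= sa.right) break;        /* B starts after A ends */
            if (sb.left > left && n < out_cap) {   /* part of A left of B */
                out[n].left = left; out[n].right = sb.left; n++;
            }
            if (sb.right > left) left = sb.right;
            if (sb.right >= sa.right) break;       /* B runs past A: keep it for the next A span */
            b++;
        }
        if (left < sa.right && n < out_cap) {      /* remainder of A after the last cut */
            out[n].left = left; out[n].right = sa.right; n++;
        }
    }
    return n;
}

/* Constructed sample: A = [0,10) [20,30), B = [2,4). B is exhausted while A
 * still has spans, so the unchecked walk reads B[1], one element past the
 * array. Returns the out-of-bounds reads observed; *count receives the number
 * of result spans, which is 3 either way. */
static int run_sample(int check_limit, size_t *count)
{
    static const span A[] = { { 0, 10 }, { 20, 30 } };
    static const span B[] = { { 2, 4 } };
    span_list la = { A, 2, 0 }, lb = { B, 1, 0 };
    span out[8];
    *count = subtract_spans(&la, &lb, out, 8, check_limit);
    return lb.oob_reads;
}

static int sample_oob_reads(int check_limit)
{
    size_t c;
    return run_sample(check_limit, &c);
}

static size_t sample_span_count(int check_limit)
{
    size_t c;
    run_sample(check_limit, &c);
    return c;
}

int main(void)
{
    size_t c;
    int oob = run_sample(1, &c);
    printf("with limit test:    %d out-of-bounds reads, %zu spans\n", oob, c);
    oob = run_sample(0, &c);
    printf("without limit test: %d out-of-bounds reads, %zu spans\n", oob, c);
    return 0;
}
```

The unchecked walk produces the right spans here only because the sentinel happens to compare as "past the end of A"; with real heap contents the loop could just as easily emit a garbage span or keep walking, which matches a bug that reproduces "about half the time".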
Nikolay Sivov bunglehead@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED
--- Comment #2 from Nikolay Sivov bunglehead@gmail.com 2009-12-11 05:22:05 ---
This is fixed by commit f3560ece31d59f1aaba2c2fef2487bccb1f20d96.
Alexandre Julliard julliard@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #3 from Alexandre Julliard julliard@winehq.org 2009-12-18 13:08:00 ---
Closing bugs fixed in 1.1.35.