If you invoke SuggestMgr::forgotchar_utf() with wl=99, then the method will write past the candidate_utf[MAXSWL] array on the following line:
*(p + 1) = *p;
Here's a step through of what happens:
int wl = 99; // word length is 99 charachters.
w_char candidate_utf[MAXSWL]; // buffer size is 100 chars
w_char * p = candidate_utf + wl; // p = candidate_utf + 99
*(p + 1) = *p; // writing to p + 1, which is candidate_utf + 100.
The fix is to increase the array size by 1. I am attaching the patch that fixes the issue.
There is a related bug in Chromium here: http://crbug.com/130128