Jinoh Kang (@iamahuman) commented about dlls/ntdll/heap.c:
+ /* if GROUP_FLAG_FREE isn't set, thread is responsible for putting it back into group list. */
+ if ((group = InterlockedExchangePointer( (void *)bin_get_affinity_group( bin, affinity ), group )))
+ RtlInterlockedPushEntrySList( &bin->groups, (SLIST_ENTRY *)&group->entry );
+ }
+
+ return block;
+}
+
+static NTSTATUS heap_allocate_block_lfh( struct heap *heap, ULONG flags, SIZE_T block_size,
+ SIZE_T size, void **ret )
+{
+ struct bin *bin, *last = heap->bins + BLOCK_SIZE_BIN_COUNT - 1;
+ struct block *block;
+
+ bin = heap->bins + BLOCK_SIZE_BIN( block_size );
+ if (!heap->bins || bin == last) return STATUS_UNSUCCESSFUL;
Can we avoid arithmetic on NULL pointer? It is undefined behavior, since it does not point to a valid object.[^note]
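Review bot: The `bin == last` test at the end of the hunk only rejects a bin that lands exactly on the final slot, and nothing visible here shows whether BLOCK_SIZE_BIN( block_size ) can yield an index beyond BLOCK_SIZE_BIN_COUNT - 1 for an oversized request. If the macro clamps large sizes to the last bin, a comment such as `/* last bin collects every size the LFH does not serve */` above the check would make the equality test self-explanatory; if it does not clamp, the equality test misses out-of-range indices and a range comparison, `if (!heap->bins || BLOCK_SIZE_BIN( block_size ) >= BLOCK_SIZE_BIN_COUNT - 1) return STATUS_UNSUCCESSFUL;`, would be the safer form. The body of heap_allocate_block_lfh continues past the end of the hunk, and the function that the first lines (the affinity-group exchange and `return block;`) belong to starts before it, so neither is fully reviewable from this excerpt.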
```suggestion:-4+0 struct bin *bin; struct block *block; if (!heap->bins) return STATUS_UNSUCCESSFUL; bin = heap->bins + BLOCK_SIZE_BIN( block_size ); if (bin == heap->bins + BLOCK_SIZE_BIN_COUNT - 1) return STATUS_UNSUCCESSFUL; ``` [^note]: https://stackoverflow.com/a/22104122 -- https://gitlab.winehq.org/wine/wine/-/merge_requests/1628#note_23840