Re: [PATCH 0/1] MR3505: ntdll: Implement NtCreateToken().

Hans Leidekker (@hans) commented about server/token.c:

+ unsigned int *attrs = (unsigned int *)((char *)user + sid_len( user )); + struct sid *sid = (struct sid *)&attrs[req->group_count]; + + group_count = req->group_count; + groups_size = group_count * sizeof( attrs[0] ); + + groups = malloc( group_count * sizeof( groups[0] ) ); + if (!groups) + { + set_error( STATUS_NO_MEMORY ); + return; + } + + for (i = 0; i < group_count; i++) + { + groups[i].attrs = attrs[i]; The attrs array bounds should also be checked.

-- https://gitlab.winehq.org/wine/wine/-/merge_requests/3505#note_41232