Rémi Bernon (@rbernon) commented about server/async.c:
+ + count = cancel_count_async( current->process, obj, thread, req->iosb ); if (!count && !thread) set_error( STATUS_NOT_FOUND ); release_object( obj ); + capacity = get_reply_max_size() / sizeof(*ptr); + + if (count) + { + if (count > capacity) + { + set_error( STATUS_BUFFER_OVERFLOW ); + reply->handles_size = count * sizeof(*ptr); + return; + } + count = cancel_async( current->process, obj, thread, req->iosb, &canceled_list ); + count = min( count, capacity ); Do we actually need this? How can count change from the previous cancel_count_async call?
-- https://gitlab.winehq.org/wine/wine/-/merge_requests/7797#note_102165
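Review bot: cancel_async() is called with obj inside the new if (count) block, but as the lines read here release_object( obj ) has already run just above it. If that release drops the reference taken for this request, the cancel pass should come before it, or the release should move below the if (count) block, with the early return in the STATUS_BUFFER_OVERFLOW path releasing obj as well. Separately, once count > capacity has returned early, count = min( count, capacity ) can only matter if cancel_async() returns more than cancel_count_async() did; if that is meant to be impossible, an assert( count <= capacity ) would state the invariant more clearly than a silent clamp.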