Rémi Bernon (@rbernon) commented about dlls/ntdll/heap.c:
return validate_large_block( heap, block ); }
- return validate_used_block( heap, subheap, block ); + if (!validate_used_block( heap, subheap, block )) return FALSE; + + /* validate_used_block() has checked the alignment; the block is now safe(r) to dereference. + * Check if this an actually used block (instead of delayed freed block) + */ + if (block_get_type( block ) != BLOCK_TYPE_USED) + { + ERR("heap %p, block %p: invalid block type %#x\n", heap, block, block_get_type( block )); + return FALSE; + } + + return TRUE;
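Review bot: hard-coding `BLOCK_TYPE_USED` at the end of this function rejects delayed-freed blocks for every caller, so any validation path that has to accept dead blocks as well (a full walk of the heap, or a check of the pending free list) would now return FALSE from the same helper; the expected type should come in from the caller, with a value that means "either", rather than being fixed here. Two smaller points on the same lines: the new comment reads "Check if this an actually used block" and is missing "is", and "the block is now safe(r) to dereference" would be clearer stated as what has actually been verified at that point, namely that `validate_used_block()` has checked the alignment so the header can be read, not that its contents are trusted.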
What about adding an `expect_type` parameter to `validate_used_block`, to conditionally check the type? Would be `BLOCK_TYPE_USED` here, `0` in `heap_validate` (to allow both types), and `BLOCK_TYPE_DEAD`, later, when checking the pending free list. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/1894#note_20232
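The `expect_type` scheme suggested above, as an added example written for this page and not code from Wine or from the merge request: the `struct block` layout, `BLOCK_MAGIC`, the type values, `validate_block`, `check_at` and the constructed arena are all hypothetical. It orders the checks the way the thread describes, pointer-only checks (range, alignment) before the header is dereferenced, and then applies the type check conditionally, with `0` (`BLOCK_TYPE_ANY`) accepting both a used and a delayed-freed block.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy block header. The layout and the type values are made up for this
 * example; they are not Wine's real heap structures. */
#define BLOCK_ALIGN      16
#define BLOCK_MAGIC      0x4b434c42u   /* "BLCK" */
#define BLOCK_TYPE_USED  0xa5
#define BLOCK_TYPE_DEAD  0xbb          /* delayed-free block */
#define BLOCK_TYPE_ANY   0             /* wildcard: accept USED or DEAD */

struct block
{
    uint32_t magic;
    uint16_t size;   /* payload size, not used by the check itself */
    uint8_t  flags;
    uint8_t  type;   /* BLOCK_TYPE_USED or BLOCK_TYPE_DEAD */
};

struct subheap
{
    char  *base;
    size_t size;
};

/* Range check that only looks at the pointer value, never at the block. */
static int block_in_subheap( const struct subheap *sh, const void *p )
{
    uintptr_t lo = (uintptr_t)sh->base, hi = lo + sh->size, addr = (uintptr_t)p;
    return addr >= lo && addr + sizeof(struct block) <= hi;
}

/* expect_type is BLOCK_TYPE_USED, BLOCK_TYPE_DEAD, or BLOCK_TYPE_ANY (0) to
 * accept either, mirroring the parameter proposed in the thread.
 * Returns 1 if the header validates, 0 otherwise. */
static int validate_block( const struct subheap *sh, const struct block *b, uint8_t expect_type )
{
    /* 1. Checks that must pass before the header is dereferenced. */
    if (!block_in_subheap( sh, b ))
    {
        fprintf( stderr, "block %p: outside subheap\n", (const void *)b );
        return 0;
    }
    if ((uintptr_t)b % BLOCK_ALIGN)
    {
        fprintf( stderr, "block %p: misaligned\n", (const void *)b );
        return 0;
    }

    /* 2. The header may now be read. */
    if (b->magic != BLOCK_MAGIC)
    {
        fprintf( stderr, "block %p: bad magic %#x\n", (const void *)b, (unsigned)b->magic );
        return 0;
    }
    if (b->type != BLOCK_TYPE_USED && b->type != BLOCK_TYPE_DEAD)
    {
        fprintf( stderr, "block %p: unknown type %#x\n", (const void *)b, b->type );
        return 0;
    }
    if (expect_type != BLOCK_TYPE_ANY && b->type != expect_type)
    {
        fprintf( stderr, "block %p: type %#x, expected %#x\n", (const void *)b, b->type, expect_type );
        return 0;
    }
    return 1;
}

/* Constructed sample arena: a used block at offset 0, a delayed-free block at
 * 32, a block with a corrupted magic at 64, zeroed memory elsewhere. Offset 8
 * is deliberately misaligned and offset 256 is one past the end. */
static _Alignas(BLOCK_ALIGN) char arena[256];

static struct subheap *demo_subheap( void )
{
    static struct subheap sh;
    struct block *b;

    memset( arena, 0, sizeof(arena) );
    sh.base = arena;
    sh.size = sizeof(arena);

    b = (struct block *)(arena + 0);
    b->magic = BLOCK_MAGIC; b->size = 24; b->type = BLOCK_TYPE_USED;
    b = (struct block *)(arena + 32);
    b->magic = BLOCK_MAGIC; b->size = 24; b->type = BLOCK_TYPE_DEAD;
    b = (struct block *)(arena + 64);
    b->magic = 0xdeadbeefu; b->size = 24; b->type = BLOCK_TYPE_USED;
    return &sh;
}

/* Validate the candidate block at a given arena offset with a given expectation. */
static int check_at( size_t offset, uint8_t expect_type )
{
    struct subheap *sh = demo_subheap();
    return validate_block( sh, (const struct block *)(sh->base + offset), expect_type );
}

int main( void )
{
    printf( "used block, expect USED: %d\n", check_at( 0, BLOCK_TYPE_USED ) );
    printf( "dead block, expect USED: %d\n", check_at( 32, BLOCK_TYPE_USED ) );
    printf( "dead block, expect DEAD: %d\n", check_at( 32, BLOCK_TYPE_DEAD ) );
    printf( "dead block, expect ANY:  %d\n", check_at( 32, BLOCK_TYPE_ANY ) );
    printf( "misaligned pointer:      %d\n", check_at( 8, BLOCK_TYPE_ANY ) );
    printf( "corrupted magic:         %d\n", check_at( 64, BLOCK_TYPE_ANY ) );
    printf( "past end of subheap:     %d\n", check_at( 256, BLOCK_TYPE_ANY ) );
    return 0;
}
```

The caller-side mapping follows the suggestion in the thread: a pointer handed in by the application is checked with `BLOCK_TYPE_USED`, a full walk of the subheap with `BLOCK_TYPE_ANY`, and the pending free list with `BLOCK_TYPE_DEAD`, all through the same function.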