Zhiyi Zhang (@zhiyi) commented about dlls/win32u/sysparams.c:
 if (!desc->pAdapters)
 {
- desc->NumAdapters = max_adapters;
+ desc->NumAdapters = ARRAY_SIZE(current_gpus);
 return STATUS_SUCCESS;
 }
 if (!lock_display_devices()) return STATUS_UNSUCCESSFUL;
-
- if ((count = list_count( &gpus )) > max_adapters)
+ LIST_FOR_EACH_ENTRY( gpu, &gpus, struct gpu, entry )
 {
- WARN( "Too many adapters (%u), only up to %u can be enumerated.\n",
- (unsigned int)count, (unsigned int)max_adapters );
- count = max_adapters;
+ if (count++ >= ARRAY_SIZE(current_gpus))
So when count reaches 34, the loop breaks, but the post-increment in the condition has already raised count to 35. Then you will read/write current_gpus out of bounds. Check count before increasing it. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/5306#note_66010