On Wed Feb 25 14:23:54 2026 +0000, Paul Gofman wrote:

...

The question is whether it's better to abort the app or to continue without random data. IMO such sort of abort, if considered useful, can only go to the Unix ("kernel") side to the underlying Nt call. Doing that on PE side, if it is not known to match Windows, is not ideal. As a generic rule, anything on PE side is subject to hotpatching and thus the logic to be overridden by app and abort will break compatibility. And if the app doesn't hotpatch anything there it already should not ever fail here on PE side. And if it does hotpatch our code it can also avoid this abort. Note that we can't protect things this way securely anyway. E. g., if app does random memory access and hits our random data buffer used in SystemFunction36, this won't be detected by return value check.

-- https://gitlab.winehq.org/wine/wine/-/merge_requests/10174#note_130497