From: Michał Durak<24462-mdurak@users.noreply.gitlab.winehq.org> If *count was zero, aa would end up pointing to a zero-size allocation, leading to out-of-bounds access in unicast_addresses_alloc(). --- dlls/iphlpapi/iphlpapi_main.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/dlls/iphlpapi/iphlpapi_main.c b/dlls/iphlpapi/iphlpapi_main.c index fe2de41c4a3..b315490b1f2 100644 --- a/dlls/iphlpapi/iphlpapi_main.c +++ b/dlls/iphlpapi/iphlpapi_main.c @@ -1248,7 +1248,7 @@ static DWORD dns_info_alloc( IP_ADAPTER_ADDRESSES *aa, ULONG family, ULONG flags static DWORD adapters_addresses_alloc( ULONG family, ULONG flags, IP_ADAPTER_ADDRESSES **info, ULONG *count ) { - IP_ADAPTER_ADDRESSES *aa; + IP_ADAPTER_ADDRESSES *aa = NULL; NET_LUID *luids; struct nsi_ndis_ifinfo_rw *rw; struct nsi_ndis_ifinfo_dynamic *dyn; @@ -1262,6 +1262,12 @@ static DWORD adapters_addresses_alloc( ULONG family, ULONG flags, IP_ADAPTER_ADD (void **)&stat, sizeof(*stat), count, 0 ); if (err) return err; + if (!*count) + { + err = ERROR_NO_DATA; + goto err; + } + needed = *count * (sizeof(*aa) + ((CHARS_IN_GUID + 1) & ~1) + sizeof(stat->descr.String)); needed += *count * sizeof(rw->alias.String); /* GAA_FLAG_SKIP_FRIENDLY_NAME is ignored */ -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/10628