[PATCH v2 0/1] MR10395: crypt32: Don't access CERT_CHAIN_ENGINE_CONFIG::dwExclusiveFlags without checking size.

March 21, 2026

      Found by ASan.

Example in test `crypt32:chain`, `testCreateCertChainEngine`. Pointer to a `CERT_CHAIN_ENGINE_CONFIG_NO_EXCLUSIVE_ROOT` is passed to `CertCreateCertificateChainEngine`. Accessing `dwExclusiveFlags` unconditionally is out-of-bound.

--
  v2: crypt32: Don't access CERT_CHAIN_ENGINE_CONFIG::dwExclusiveFlags without checking size.

https://gitlab.winehq.org/wine/wine/-/merge_requests/10395

[PATCH v2 0/1] MR10395: crypt32: Don't access CERT_CHAIN_ENGINE_CONFIG::dwExclusiveFlags without checking size.

Yuxuan Shui (＠yshui)