Qian Hong qhong@codeweavers.com writes:

@@ -1629,8 +1630,28 @@ NtAccessCheck(

     status = wine_server_call( req );

•    *ReturnLength = FIELD_OFFSET( PRIVILEGE_SET, Privilege ) + reply->privileges_len;
  

•    PrivilegeSet->PrivilegeCount = reply->privileges_len / sizeof(LUID_AND_ATTRIBUTES);
  

•    return_length = FIELD_OFFSET( PRIVILEGE_SET, Privilege ) + reply->privileges_len;
  

•    if (return_length < sizeof(PRIVILEGE_SET))
  

•        return_length = sizeof(PRIVILEGE_SET);
  

•    if (*ReturnLength == 0)
  

•    {
  

•        *ReturnLength = return_length;
  

•        return STATUS_BUFFER_TOO_SMALL;
  

•    }
  

•    if (!PrivilegeSet)
  

•        return STATUS_ACCESS_VIOLATION;
  

It doesn't make sense to test this after it has already been passed to the server, what's more with an invalid length.