Hi,
I expect this patch will be accepted due to precedent - a few months ago I submitted the same patch for the same problem in a different routine in a different compilation unit of ntdll.
Yes, I guess the infinite loop does not occur in practice (someone would have noticed) and I guess it has been there a very long time. But it isn't exactly hard to spot - I was speed reading the code looking for something else.
I've seen a lot of chatter recently about something called Coverity. I looked it up on Wikipedia (after checking the spelling). Apart from its obvious use as a conversation piece, is it proving useful to the project?
Is there a feedback policy?
Something like "We think your product is superlative .... but someone may wonder if your code not finding this bug in our code might be a bug in your code."
Security :); false sense of security :(
Paul Bryan Roberts
From dd2f31b0176e795edf5b1eb081410de7ed5ed03d Mon Sep 17 00:00:00 2001
From: Paul Bryan Roberts pbronline-wine@yahoo.co.uk
Date: Thu, 12 Feb 2009 08:09:17 +0000
Subject: ntdll: avoid potential infinite loop
--- dlls/ntdll/nt.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c index 879a324..dc81648 100644 --- a/dlls/ntdll/nt.c +++ b/dlls/ntdll/nt.c @@ -293,17 +293,20 @@ NTSTATUS WINAPI NtQueryInformationToken( char stack_buffer[256]; unsigned int server_buf_len = sizeof(stack_buffer); void *buffer = stack_buffer; - BOOLEAN need_more_memory = FALSE; + BOOLEAN need_more_memory;
/* we cannot work out the size of the server buffer required for the * input size, since there are two factors affecting how much can be * stored in the buffer - number of groups and lengths of sids */ do { + need_more_memory = FALSE; + SERVER_START_REQ( get_token_groups ) { TOKEN_GROUPS *groups = tokeninfo;
+ req->handle = wine_server_obj_handle( token ); wine_server_set_reply( req, buffer, server_buf_len ); status = wine_server_call( req );
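Review bot: the empty line added just before `req->handle = wine_server_obj_handle( token );` is unrelated to the fix and should be dropped so that the patch touches only the loop flag. On the fix itself, `need_more_memory` is now declared without an initializer, which is safe only because `need_more_memory = FALSE;` is the first statement of the `do` body and so always runs before the flag is read; a short comment at that assignment saying the flag must be cleared on every retry would stop a later edit from moving it back out of the loop.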
On Thu, Feb 12, 2009 at 2:30 AM, Paul Bryan Roberts pbronline-wine@yahoo.co.uk wrote:
Something like "We think your product is superlative .... but someone may wonder if your code not finding this bug in our code might be a bug in your code."
Well, I don't think Coverity claims 100% of bugs will be found. :)
SERVER_START_REQ( get_token_groups ) { TOKEN_GROUPS *groups = tokeninfo;
req->handle = wine_server_obj_handle( token );
Unneeded whitespace change.
Regards, --John Klehm