From: Alex Henrie alexhenrie24@gmail.com
Without this check, the return value is undefined. --- dlls/ntdll/tests/file.c | 5 +++++ dlls/ntdll/unix/sync.c | 2 ++ dlls/wow64/file.c | 6 +++++- 3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/dlls/ntdll/tests/file.c b/dlls/ntdll/tests/file.c index 02bdf67796d..8465ad4543a 100644 --- a/dlls/ntdll/tests/file.c +++ b/dlls/ntdll/tests/file.c @@ -1039,6 +1039,11 @@ static void test_set_io_completion(void) return; }
+ count = 0xdeadbeef; + res = pNtRemoveIoCompletionEx( h, info, 0, &count, &timeout, FALSE ); + ok( res == STATUS_INVALID_PARAMETER, "NtRemoveIoCompletionEx failed: %#lx\n", res ); + ok( count == 0xdeadbeef, "wrong count %lu\n", count ); + count = 0xdeadbeef; res = pNtRemoveIoCompletionEx( h, info, 2, &count, &timeout, FALSE ); ok( res == STATUS_TIMEOUT, "NtRemoveIoCompletionEx failed: %#lx\n", res ); diff --git a/dlls/ntdll/unix/sync.c b/dlls/ntdll/unix/sync.c index d486b50001d..bc2aa0271a1 100644 --- a/dlls/ntdll/unix/sync.c +++ b/dlls/ntdll/unix/sync.c @@ -2081,6 +2081,8 @@ NTSTATUS WINAPI NtRemoveIoCompletionEx( HANDLE handle, FILE_IO_COMPLETION_INFORM
TRACE( "%p %p %u %p %p %u\n", handle, info, (int)count, written, timeout, alertable );
+ if (!count) return STATUS_INVALID_PARAMETER; + while (i < count) { SERVER_START_REQ( remove_completion ) diff --git a/dlls/wow64/file.c b/dlls/wow64/file.c index 0afd02a2a7c..d3358000def 100644 --- a/dlls/wow64/file.c +++ b/dlls/wow64/file.c @@ -751,7 +751,11 @@ NTSTATUS WINAPI wow64_NtRemoveIoCompletionEx( UINT *args )
NTSTATUS status; ULONG i; - FILE_IO_COMPLETION_INFORMATION *info = Wow64AllocateTemp( count * sizeof(*info) ); + FILE_IO_COMPLETION_INFORMATION *info; + + if (!count) return STATUS_INVALID_PARAMETER; + + info = Wow64AllocateTemp( count * sizeof(*info) );
status = NtRemoveIoCompletionEx( handle, info, count, written, timeout, alertable ); for (i = 0; i < *written; i++)