"Dan Kegel" <dank@kegel.com> writes:
Without this patch, NtAccessCheck() references uninitialized memory (it seems to send the entire ACL with the user's length to the server, not just sizeof(ACL)). This showed up as valgrind errors when running "make test" in advapi32. I suppose the right fix might be to send just sizeof(ACL) bytes to the server, but I wouldn't know, and initializing all the bytes given by the caller seems innocuous enough.
It isn't innocuous; if Windows doesn't do it, then it's quite likely that apps will pass a too-large size. We've had that kind of problem in some other places already.
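The trade-off in this exchange, as an added example (not Wine code and not written by either poster): a model of an ACL initializer that either zeroes the whole caller-claimed length or touches only the header, run against a caller that overstates its buffer size. `demo_acl`, the function names, the sizes and the `0xAA` fill are assumptions constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the Windows ACL header (demo_acl is a made-up name). */
typedef struct {
    uint8_t  AclRevision, Sbz1;
    uint16_t AclSize;            /* length claimed by the caller, unverified */
    uint16_t AceCount, Sbz2;
} demo_acl;

/* Constructed scenario: the app owns 16 bytes but claims 32. */
enum { REAL_SIZE = 16, CLAIMED_SIZE = 32, ARENA = 48, FILL = 0xAA };

static void write_header(void *buf, uint16_t claimed)
{
    demo_acl h = { 2, 0, claimed, 0, 0 };
    memcpy(buf, &h, sizeof h);
}

/* Proposed approach: zero every byte the caller says it owns. */
static void init_zero_all(void *buf, uint16_t claimed)
{
    memset(buf, 0, claimed);
    write_header(buf, claimed);
}

/* Alternative: touch only the header and leave the rest as found. */
static void init_header_only(void *buf, uint16_t claimed)
{
    write_header(buf, claimed);
}

/* Count bytes in arena[from, to) that changed (changed=1) or still hold FILL (changed=0). */
static int count(void (*init)(void *, uint16_t), int from, int to, int changed)
{
    unsigned char arena[ARENA];
    int i, n = 0;
    memset(arena, FILL, sizeof arena);   /* stale contents and neighbouring data */
    init(arena, CLAIMED_SIZE);           /* caller overstates its 16-byte buffer */
    for (i = from; i < to; i++)
        n += (arena[i] != FILL) == changed;
    return n;
}

int main(void)
{
    printf("zero-all, neighbour bytes clobbered:    %d\n", count(init_zero_all, REAL_SIZE, ARENA, 1));
    printf("header-only, neighbour bytes clobbered: %d\n", count(init_header_only, REAL_SIZE, ARENA, 1));
    printf("header-only, stale bytes in AclSize:    %d\n", count(init_header_only, 0, CLAIMED_SIZE, 0));
    printf("header-only, stale bytes in header:     %d\n", count(init_header_only, 0, (int)sizeof(demo_acl), 0));
    return 0;
}
```

Zeroing the claimed length overwrites the 16 bytes past the real buffer, while header-only initialization leaves them alone but leaves 24 stale bytes inside `AclSize`, so only a sender limited to the header avoids both problems in this model.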