In `get_valloc_info`, if `mem` happens to point to the last chunk of memory in the user space virtual address space, `p += info2.RegionSize` will cause it to go over the limit, and subsequent VirtualQueries will fail, thus `info2` won't be changed, thus the loop exit condition is never met (well, until `p` wraps around, that is).
* * *
Witnessed this in CI:
```
012c:0130:trace:virtual:NtQueryVirtualMemory (0xffffffffffffffff, 0x7ffffffe0000, info_class=0, 0x442120, 48, 0xfd4a0)
012c:0130:trace:virtual:get_vprot_range_size base 0x7ffffffe0000, size 0x10000, mask 0xbf.
012c:0130:trace:virtual:NtQueryVirtualMemory (0xffffffffffffffff, 0x7ffffffe0000, info_class=0, 0x442170, 48, 0xfd520)
012c:0130:trace:virtual:get_vprot_range_size base 0x7ffffffe0000, size 0x10000, mask 0xbf.
012c:0130:trace:virtual:NtQueryVirtualMemory (0xffffffffffffffff, 0x7fffffff0000, info_class=0, 0x442170, 48, 0xfd5e0)
012c:0130:trace:virtual:NtQueryVirtualMemory (0xffffffffffffffff, 0x800000000000, info_class=0, 0x442170, 48, 0xfd820)
012c:0130:trace:virtual:NtQueryVirtualMemory (0xffffffffffffffff, 0x800000010000, info_class=0, 0x442170, 48, 0xfda60)
012c:0130:trace:virtual:NtQueryVirtualMemory (0xffffffffffffffff, 0x800000020000, info_class=0, 0x442170, 48, 0xfdca0)
012c:0130:trace:virtual:NtQueryVirtualMemory (0xffffffffffffffff, 0x800000030000, info_class=0, 0x442170, 48, 0xfdee0)
...
```
and winetest logs:
```
...
heap.c:3662:3.322 Test failed: init size 0: got 0.
heap.c:3662:3.322 Test failed: init size 0: got 0.
heap.c:3662:3.322 Test failed: init size 0: got 0.
heap.c:3662:3.322 Test failed: init size 0: got 0.
heap.c:3662:3.322 Test failed: init size 0: got 0.
heap.c:3662:3.322 Test failed: init size 0: got 0.
heap.c:3662:3.323 Test failed: init size 0: got 0.
heap.c:3662:3.323 Test failed: init size 0: got 0.
...
```
ad infinitum
Probably made more likely by ASan since it takes a big chunk of the address space.
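To make the failure mode concrete, here is an added, stand-alone C simulation of the region walk. It is not Wine's code and not the test's actual `get_valloc_info`: the region table, the `USER_SPACE_END` limit and the `mock_virtual_query` function are constructed for the demonstration. It places an allocation at the very top of a 47-bit user address space (as in the trace above), has the mock query fail above that limit exactly like the real call, and runs two loops over it: the pattern described in the comment (query result ignored, stale `info2` reused, exit only on a base change) capped at a fixed iteration count so it terminates, and a variant that stops on a failed query or when `p` reaches the end of user space.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model (assumption for this example): 64 KiB allocation
 * granularity, user space ends at 0x800000000000 (exclusive). */
#define GRAN           0x10000ULL
#define USER_SPACE_END 0x800000000000ULL

/* Subset of MEMORY_BASIC_INFORMATION that the walk actually uses. */
typedef struct {
    uint64_t AllocationBase;
    uint64_t BaseAddress;
    uint64_t RegionSize;
} mbi_t;

/* Constructed region table: one allocation of two regions in the middle of
 * the address space, and one allocation of two regions ending exactly at
 * USER_SPACE_END, mirroring the 0x7ffffffe0000 / 0x7fffffff0000 trace. */
static const mbi_t regions[] = {
    { 0x10000ULL,         0x10000ULL,         GRAN },
    { 0x10000ULL,         0x20000ULL,         2 * GRAN },
    { 0x7ffffffe0000ULL,  0x7ffffffe0000ULL,  GRAN },
    { 0x7ffffffe0000ULL,  0x7fffffff0000ULL,  GRAN },
};

/* Mock of VirtualQuery: returns sizeof(*info) and fills *info for an address
 * inside user space; returns 0 and leaves *info UNTOUCHED for an address
 * beyond it, which is the behaviour the runaway loop depends on. Addresses
 * not covered by the table are reported as free (AllocationBase 0). */
static size_t mock_virtual_query(uint64_t addr, mbi_t *info)
{
    if (addr >= USER_SPACE_END) return 0;
    for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++) {
        if (addr >= regions[i].BaseAddress &&
            addr < regions[i].BaseAddress + regions[i].RegionSize) {
            *info = regions[i];
            return sizeof *info;
        }
    }
    info->AllocationBase = 0;
    info->BaseAddress = addr;
    info->RegionSize = USER_SPACE_END - addr;
    return sizeof *info;
}

/* The pattern the comment describes: advance p by info2.RegionSize until the
 * allocation base changes, ignoring the query's return value. Once p passes
 * USER_SPACE_END the query fails, info2 keeps the previous region's base and
 * size, the exit test never fires, and p grows by a stale RegionSize forever.
 * max_iters caps the loop so the example terminates; returns iterations used,
 * and the computed allocation size via *alloc_size when non-NULL. */
static unsigned walk_buggy(uint64_t mem, unsigned max_iters, uint64_t *alloc_size)
{
    mbi_t info1, info2;
    unsigned iters = 0;
    if (!mock_virtual_query(mem, &info1)) return 0;
    info2 = info1;
    uint64_t p = info1.AllocationBase;
    while (iters < max_iters) {
        iters++;
        mock_virtual_query(p, &info2);                     /* result ignored: the bug */
        if (info2.AllocationBase != info1.AllocationBase) break;
        p += info2.RegionSize;                             /* stale once the query fails */
    }
    if (alloc_size) *alloc_size = p - info1.AllocationBase;
    return iters;
}

static uint64_t buggy_size(uint64_t mem, unsigned max_iters)
{
    uint64_t size = 0;
    walk_buggy(mem, max_iters, &size);
    return size;
}

/* Bounded variant: stop when p reaches the end of user space or the query
 * fails, so a stale info2 is never consulted. Returns the allocation size,
 * or 0 if the initial query itself fails. */
static uint64_t walk_fixed(uint64_t mem)
{
    mbi_t info1, info2;
    if (!mock_virtual_query(mem, &info1)) return 0;
    uint64_t p = info1.AllocationBase;
    while (p < USER_SPACE_END && mock_virtual_query(p, &info2) &&
           info2.AllocationBase == info1.AllocationBase)
        p += info2.RegionSize;
    return p - info1.AllocationBase;
}

int main(void)
{
    const uint64_t mid = 0x25000ULL, top = 0x7ffffffe5000ULL;
    printf("middle allocation: buggy %u iterations, size 0x%" PRIx64 "; fixed size 0x%" PRIx64 "\n",
           walk_buggy(mid, 100, NULL), buggy_size(mid, 100), walk_fixed(mid));
    printf("top allocation:    buggy %u iterations (cap), size 0x%" PRIx64 "; fixed size 0x%" PRIx64 "\n",
           walk_buggy(top, 100, NULL), buggy_size(top, 100), walk_fixed(top));
    return 0;
}
```

For the middle allocation both loops agree (three iterations, 0x30000 bytes). For the allocation at the top of user space the unbounded pattern hits the iteration cap and reports a size that grows by one stale `RegionSize` per iteration, while the bounded variant returns the real 0x20000.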