help with coverity spotted problem in region.c::CreatePolyPolygonRgn
Marcus Meissner
marcus at jet.franken.de
Sat Jan 24 03:32:05 CST 2009
Hi,
Coverity says something about array indices in CreatePolyPolygonRgn
and I see some code that looks bad:
    if (((nbpolygons == 1) && ((*Count == 4) ||
        ((*Count == 5) && (Pts[4].x == Pts[0].x) && (Pts[4].y == Pts[0].y))) &&
        (((Pts[0].y == Pts[1].y) &&
          (Pts[1].x == Pts[2].x) &&
          (Pts[2].y == Pts[3].y) &&
          (Pts[3].x == Pts[0].x)) ||
         ((Pts[0].x == Pts[1].x) &&
          (Pts[1].y == Pts[2].y) &&
          (Pts[2].x == Pts[3].x) &&
          (Pts[3].y == Pts[0].y)))))
The braces seem to be mismatched, so that even for
*Count==4 it dereferences Pts[4].
But I cannot really make sense of the Count==5 version either,
it seems broken too. Pts[4] is compared to Pts[0] points, but then
again the 4 point polygon is compared.
Anyone? git blame says it's from Alexandre in 1998 ...
Ciao, Marcus
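An added example, not part of the original message or of Wine's code: the rectangle test from the quoted condition rewritten so that the point count is established before any index is used, with an accessor that records the highest index actually read. The POINT stand-in and the names pt_at, same_point, polygon_is_rect and last_max_index are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-in for the Windows POINT type (assumption for this example). */
typedef struct { long x, y; } POINT;

/* Highest index read by the last call, so the bound can be verified. */
static int max_index_read = -1;
int last_max_index(void) { return max_index_read; }

/* Bounds-checked accessor: returns NULL instead of reading past count. */
static const POINT *pt_at(const POINT *pts, int count, int i)
{
    if (pts == NULL || i < 0 || i >= count) return NULL;
    if (i > max_index_read) max_index_read = i;
    return &pts[i];
}

static bool same_point(const POINT *a, const POINT *b)
{
    return a && b && a->x == b->x && a->y == b->y;
}

/* True if the polygon is an axis-aligned rectangle given as 4 points,
 * or as 5 points whose last point repeats the first. */
bool polygon_is_rect(const POINT *pts, int count)
{
    max_index_read = -1;
    if (pts == NULL || (count != 4 && count != 5)) return false;
    /* Index 4 is only touched once count == 5 has been established. */
    if (count == 5 && !same_point(pt_at(pts, count, 4), pt_at(pts, count, 0)))
        return false;
    const POINT *p0 = pt_at(pts, count, 0), *p1 = pt_at(pts, count, 1);
    const POINT *p2 = pt_at(pts, count, 2), *p3 = pt_at(pts, count, 3);
    bool horizontal_first = p0->y == p1->y && p1->x == p2->x &&
                            p2->y == p3->y && p3->x == p0->x;
    bool vertical_first   = p0->x == p1->x && p1->y == p2->y &&
                            p2->x == p3->x && p3->y == p0->y;
    return horizontal_first || vertical_first;
}

int main(void)
{
    POINT r[4] = {{0, 0}, {10, 0}, {10, 5}, {0, 5}};  /* constructed sample */
    bool ok = polygon_is_rect(r, 4);
    printf("rect=%d max_index=%d\n", ok, last_max_index());
    return 0;
}
```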