[PATCH] user32/scroll: Fix arithmetic overflow in GetThumbVal

Alexander Kochetkov al.kochet at gmail.com
Sat Jan 9 05:54:07 CST 2010


The arithmetic overflow takes place with these test values:
maxVal=101850000, minVal=-4850000, page=23239135, pos=101
I have no idea how to implement a test for it.
-------------- next part --------------
From 39f991089beee75865fa023a4109f31aae590974 Mon Sep 17 00:00:00 2001
From: Alexander Kochetkov <al.kochet at gmail.com>
Date: Sat, 9 Jan 2010 14:28:37 +0300
Subject: [PATCH] user32/scroll: Fix arithmetic overflow in GetThumbVal

---
 dlls/user32/scroll.c |   10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/dlls/user32/scroll.c b/dlls/user32/scroll.c
index 6c34652..f72fae0 100644
--- a/dlls/user32/scroll.c
+++ b/dlls/user32/scroll.c
@@ -317,6 +317,7 @@ static UINT SCROLL_GetThumbVal( SCROLLBAR_INFO *infoPtr, RECT *rect,
 {
     INT thumbSize;
     INT pixels = vertical ? rect->bottom-rect->top : rect->right-rect->left;
+    INT range;
 
     if ((pixels -= 2*(GetSystemMetrics(SM_CXVSCROLL) - SCROLL_ARROW_THUMB_OVERLAP)) <= 0)
         return infoPtr->minVal;
@@ -333,9 +334,12 @@ static UINT SCROLL_GetThumbVal( SCROLLBAR_INFO *infoPtr, RECT *rect,
     pos = max( 0, pos - (GetSystemMetrics(SM_CXVSCROLL) - SCROLL_ARROW_THUMB_OVERLAP) );
     if (pos > pixels) pos = pixels;
 
-    if (!infoPtr->page) pos *= infoPtr->maxVal - infoPtr->minVal;
-    else pos *= infoPtr->maxVal - infoPtr->minVal - infoPtr->page + 1;
-    return infoPtr->minVal + ((pos + pixels / 2) / pixels);
+    if (!infoPtr->page)
+        range = infoPtr->maxVal - infoPtr->minVal;
+    else 
+        range = infoPtr->maxVal - infoPtr->minVal - infoPtr->page + 1;
+
+    return infoPtr->minVal + MulDiv(pos, range, pixels);
 }
 
 /***********************************************************************
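Review bot: The two subtractions that fill `range` are still done in INT, so `infoPtr->maxVal - infoPtr->minVal` (and the `- infoPtr->page + 1` variant) can overflow or come out negative for extreme scroll ranges, even though MulDiv now protects the multiplication. Unless the code that stores minVal, maxVal and page already bounds the span (not visible in this hunk), a guard such as `if (range <= 0) return infoPtr->minVal;` before the MulDiv call would keep the result inside the scroll range. MulDiv returns -1 when the divisor is 0, so a short comment like `/* pixels > 0 is guaranteed by the checks above; pos <= pixels keeps the result within range */` would record why that failure value cannot be reached here. The function body starts before this hunk, so the earlier `pixels` checks are assumed rather than confirmed.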
-- 
1.6.0.4

