[1/4] gdi32: Don't crash when 0xffffffff is passed to GetCharABCWidthsA as lastChar.
Kusanagi Kouichi
slash at ac.auone-net.jp
Wed Jan 26 10:08:43 CST 2011
If lastChar is 0xffffffff, FONT_GetCharsByRangeA falls into
infinite loop because of wrap around, and crash.
This is a regression caused by commit
5c987fc57403a4ed26cd35b33318069913a66ab6.
Signed-off-by: Kusanagi Kouichi <slash at ac.auone-net.jp>
---
dlls/gdi32/font.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/dlls/gdi32/font.c b/dlls/gdi32/font.c
index 5dc2132..d9fae76 100644
--- a/dlls/gdi32/font.c
+++ b/dlls/gdi32/font.c
@@ -1566,7 +1566,7 @@ static LPSTR FONT_GetCharsByRangeA(UINT firstChar, UINT lastChar, PINT pByteLen)
if (str == NULL)
return NULL;
- for(i = 0, c = firstChar; c <= lastChar; i++, c++)
+ for(i = 0, c = firstChar; count > 0; i++, c++, count--)
{
if (c > 0xff)
str[i++] = (BYTE)(c >> 8);
--
1.7.2.3
More information about the wine-patches
mailing list