[Bug 29767] New: ellipse_first_quadrant() runs into dead loop for large width and height because of negative overflow

wine-bugs at winehq.org wine-bugs at winehq.org
Wed Feb 1 21:58:23 CST 2012


http://bugs.winehq.org/show_bug.cgi?id=29767

             Bug #: 29767
           Summary: ellipse_first_quadrant() runs into dead loop for large
                    width and height because of negative overflow
           Product: Wine
           Version: 1.4-rc1
          Platform: x86
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gdi32
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: jiashulu at gmail.com
    Classification: Unclassified


The ellipse_first_quadrant() function located in dlls/gdi32/dibdrv/graphics.c
is used to compute points of an ellipse. When provided with large width and
height parameters, it will fall into a dead loop and finally result in an
access violation exception.

To reproduce, just pass the following parameters to ellipse_first_quadrant(): 
width = 815, height = 815

The problem is that the following line will encounter negative overflow:
int dx  = 4 * b * b * (1 - a);
which makes the two if statements in the while loop false.

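The arithmetic behind the report, as an added example (not Wine's code and not part of the original message): it evaluates the quoted expression in 64 bits, checks whether the result fits in a 32-bit int, and computes the value a wrapping 32-bit multiply would leave in dx. The names a and b come from the quoted line; how they are derived from width and height is not shown in the report, so both 814 and 815 are checked, and two's-complement wrapping is an assumption because signed overflow is undefined behaviour in C.

```c
#include <stdint.h>
#include <stdio.h>

/* The expression from the report, widened to 64 bits so it cannot overflow. */
static int64_t dx_wide(int a, int b)
{
    return (int64_t)4 * b * b * (1 - a);
}

/* 1 if the mathematically correct dx does not fit in a 32-bit int. */
static int dx_overflows(int a, int b)
{
    int64_t v = dx_wide(a, b);
    return v < INT32_MIN || v > INT32_MAX;
}

/* What a wrapping 32-bit multiply would store in dx (assumed behaviour). */
static int32_t dx_wrapped(int a, int b)
{
    uint32_t u = (uint32_t)dx_wide(a, b);   /* well-defined: modulo 2^32 */
    if (u <= (uint32_t)INT32_MAX)
        return (int32_t)u;
    return (int32_t)(u - 0x80000000u) + INT32_MIN;
}

/* Smallest a == b for which the 32-bit expression overflows. */
static int smallest_overflowing_axis(void)
{
    int n = 1;
    while (!dx_overflows(n, n))
        n++;
    return n;
}

int main(void)
{
    const int samples[] = { 100, 813, 814, 815 };   /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = samples[i];
        printf("a=b=%d exact=%lld wrapped=%d overflow=%s\n", n,
               (long long)dx_wide(n, n), (int)dx_wrapped(n, n),
               dx_overflows(n, n) ? "yes" : "no");
    }
    printf("first overflowing a=b: %d\n", smallest_overflowing_axis());
    return 0;
}
```

For a = b = 814 the exact value is just below INT_MIN, so the wrapped dx comes out large and positive instead of negative; widening the operands to a 64-bit type before multiplying keeps the sign correct.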