[Bug 29767] New: ellipse_first_quadrant() runs into dead loop for large width and height because of negative overflow
wine-bugs at winehq.org
Wed Feb 1 21:58:23 CST 2012
http://bugs.winehq.org/show_bug.cgi?id=29767
Bug #: 29767
Summary: ellipse_first_quadrant() runs into dead loop for large
width and height because of negative overflow
Product: Wine
Version: 1.4-rc1
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gdi32
AssignedTo: wine-bugs at winehq.org
ReportedBy: jiashulu at gmail.com
Classification: Unclassified
The ellipse_first_quadrant() function located in dlls/gdi32/dibdrv/graphics.c
is used to compute points of an ellipse. When provided with large width and
height parameters, it will fall into a dead loop and finally result in an
access violation exception.
To reproduce, just pass the following parameters to ellipse_first_quadrant():
width = 815, height = 815
The problem is that the following line will encounter negative overflow:

    int dx = 4 * b * b * (1 - a);

which makes the two if statements in the while loop false.
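Added example, not part of the original report and not Wine code: it evaluates the expression quoted in the report in 64-bit arithmetic to show where a 32-bit int stops being able to hold it. The helper names, the MAX_AXIS bound, and the choice of test values around 815 are assumptions; the report only gives width = 815, height = 815.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_AXIS 65535  /* assumed bound; keeps the 64-bit product exact */

/* Hypothetical helper: evaluate 4 * b * b * (1 - a) in 64 bits.
 * Returns 1 if the result fits in a 32-bit int, 0 if it does not
 * (or if a/b are outside 0..MAX_AXIS, in which case *out is 0). */
static int initial_dx_fits_int32(int32_t a, int32_t b, int64_t *out)
{
    *out = 0;
    if (a < 0 || b < 0 || a > MAX_AXIS || b > MAX_AXIS)
        return 0;
    *out = (int64_t)4 * b * b * (1 - (int64_t)a);
    return *out >= INT32_MIN && *out <= INT32_MAX;
}

/* Value a two's-complement 32-bit int would hold after wrapping.
 * Signed overflow is undefined in C; this models the usual outcome
 * without relying on undefined or implementation-defined behaviour. */
static int32_t wrapped_int32(int64_t wide)
{
    uint32_t low = (uint32_t)wide;              /* reduction modulo 2^32 */
    return low <= (uint32_t)INT32_MAX
        ? (int32_t)low
        : (int32_t)((int64_t)low - 4294967296LL);
}

int main(void)
{
    /* Constructed inputs: 815 is the value from the report; 814 and 813
     * are included to show where the 32-bit limit is crossed. */
    const int32_t samples[] = { 813, 814, 815 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int64_t wide;
        int ok = initial_dx_fits_int32(samples[i], samples[i], &wide);
        printf("a=b=%d  exact=%lld  fits=%d  int32 after wrap=%d\n",
               (int)samples[i], (long long)wide, ok, (int)wrapped_int32(wide));
    }
    return 0;
}
```

For the overflowing inputs the wrapped value is positive even though the exact value is negative, which is the sign flip the report describes.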