[PATCH 1/2] gdi32: Avoid integer overflow in the obj map compare fn.

Francisco Casas fcasas at codeweavers.com
Wed Oct 27 07:47:06 CDT 2021


Signed-off-by: Francisco Casas <fcasas at codeweavers.com>
---
 dlls/gdi32/objects.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/dlls/gdi32/objects.c b/dlls/gdi32/objects.c
index 4b390aa0160..196cea9ba92 100644
--- a/dlls/gdi32/objects.c
+++ b/dlls/gdi32/objects.c
@@ -178,7 +178,11 @@ DWORD WINAPI GetObjectType( HGDIOBJ handle )
 static int obj_map_cmp( const void *key, const struct wine_rb_entry *entry )
 {
     struct obj_map_entry *obj_entry = WINE_RB_ENTRY_VALUE( entry, struct obj_map_entry, entry );
-    return HandleToLong( key ) - HandleToLong( obj_entry->obj );
+    UINT_PTR a = (UINT_PTR)key;
+    UINT_PTR b = (UINT_PTR)obj_entry->obj;
+    if (a > b) return 1;
+    if (a < b) return -1;
+    return 0;
 };
 
 struct wine_rb_tree obj_map = { obj_map_cmp };
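Review bot: The new comparison in obj_map_cmp keys on the full pointer width (`UINT_PTR`), whereas the removed line keyed on the 32-bit value returned by `HandleToLong`, so on 64-bit builds two handles that differ only in their upper 32 bits now compare unequal where they previously compared equal. If any caller can pass a handle whose upper bits differ from the stored one (for instance sign-extended versus zero-extended), the lookup would miss the entry; this is inferred, since no callers are visible in the hunk. Keeping the 32-bit key while still avoiding the overflow would be `LONG a = HandleToLong( key ), b = HandleToLong( obj_entry->obj );` followed by the same three-way compare. A comment such as `/* compare rather than subtract: the difference of two LONGs can overflow and break the tree ordering */` would record why the subtraction was dropped.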
-- 
2.25.1



