MSRLE32 crash fix
Michael Karcher
michael.karcher at dpk.berlin.fido.de
Sun Mar 10 18:05:36 CST 2002
Hello Wine team,
I found a bug in msrle32.c that made the starting screen of Half-Life
crash. The cause is that pDst is advanced to much when decoding DELTA
blocks, so memory gets overwritten after the end of the destination
bit map. You should not add "delta_x" to the pointer, because it is
incremented linewise and the x coordinate is used as array index.
(diff -u included)
Michael Karcher
--- dlls/msrle32/msrle32.c.orig Sun Mar 10 00:39:08 2002
+++ dlls/msrle32/msrle32.c Mon Mar 11 00:47:37 2002
@@ -89,7 +89,7 @@
delta_y = (LONG)*pSrc++;
x += delta_x;
y += delta_y;
- pDst += delta_y * pitch + delta_x;
+ pDst += delta_y * pitch;
break;
default: /* RAW */
len = data;
More information about the wine-patches
mailing list