dsound: fix off by 1 heap error in DSOUND_MixerVol

[Hoehle, Joerg-Cyril]

Hi,

Ref: http://bugs.winehq.org/show_bug.cgi?id=12349
Maarten Lankhorst asked me to submit my patch to wine-patches, so here it goes.

This is my third attempt at submitting this.  MS-Outlook botched the TABs
from the previous posts, so they were "Not Obviously Correct".
I hope it'll get through this time.

This patch code is put under the same copyright as wine as of version
0.9.61, c.f. src/git/wine/{LICENSE,COPYING.LIB}

2008-04-03  Jörg Höhle <hoehle at users.sourceforge.net>

	* dlls/dsound/mixer.c:
	dsound: fix heap off by one overflow in DSOUND_MixerVol.

--- /home/hoehle/src/git/wine/dlls/dsound/mixer.c	2008-05-04 17:27:35.000000000 +0200
+++ ./dlls/dsound/mixer.c	2008-04-23 17:58:42.000000000 +0200
@@ -469,7 +469,7 @@
 	case 8:
 		/* 8-bit WAV is unsigned, but we need to operate */
 		/* on signed data for this to work properly */
-		for (i = 0; i < len; i+=2) {
+		for (i = 0; i < len-1; i+=2) {
 			*(bpc++) = (((*(mem++) - 128) * vLeft) >> 16) + 128;
 			*(bpc++) = (((*(mem++) - 128) * vRight) >> 16) + 128;
 		}
@@ -478,7 +478,7 @@
 		break;
 	case 16:
 		/* 16-bit WAV is signed -- much better */
-		for (i = 0; i < len; i += 4) {
+		for (i = 0; i < len-3; i += 4) {
 			*(bps++) = (*(mems++) * vLeft) >> 16;
 			*(bps++) = (*(mems++) * vRight) >> 16;
 		}

The diff is against wine 1.0rc1. Thank you all for wine.

Alternatively, you could apply my preferred form:
		for (i = 1; i < len; i += 4)
		for (i = 3; i < len; i += 4)
Refer to above URL for details of the discussion.

Regards,
 Jörg Höhle