[PATCH] user32/scroll: Fix arithmetic overflow in GetThumbVal (resend)

[Alexander Kochetkov]

- removed trailing white spaces in the patch

The arithmetic overflow take place with this test values:
maxVal=101850000, minVal=-4850000, page=23239135, pos=101
I have no idea how to implement test.
-------------- next part --------------
From 0530a5e1fb7e4900cba1f5dac52db4179fffcfd0 Mon Sep 17 00:00:00 2001
From: Alexander Kochetkov <al.kochet at gmail.com>
Date: Sat, 9 Jan 2010 15:24:44 +0300
Subject: [PATCH] user32/scroll: Fix arithmetic overflow in GetThumbVal

---
 dlls/user32/scroll.c |   10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/dlls/user32/scroll.c b/dlls/user32/scroll.c
index 6c34652..423dea1 100644
--- a/dlls/user32/scroll.c
+++ b/dlls/user32/scroll.c
@@ -317,6 +317,7 @@ static UINT SCROLL_GetThumbVal( SCROLLBAR_INFO *infoPtr, RECT *rect,
 {
     INT thumbSize;
     INT pixels = vertical ? rect->bottom-rect->top : rect->right-rect->left;
+    INT range;
 
     if ((pixels -= 2*(GetSystemMetrics(SM_CXVSCROLL) - SCROLL_ARROW_THUMB_OVERLAP)) <= 0)
         return infoPtr->minVal;
@@ -333,9 +334,12 @@ static UINT SCROLL_GetThumbVal( SCROLLBAR_INFO *infoPtr, RECT *rect,
     pos = max( 0, pos - (GetSystemMetrics(SM_CXVSCROLL) - SCROLL_ARROW_THUMB_OVERLAP) );
     if (pos > pixels) pos = pixels;
 
-    if (!infoPtr->page) pos *= infoPtr->maxVal - infoPtr->minVal;
-    else pos *= infoPtr->maxVal - infoPtr->minVal - infoPtr->page + 1;
-    return infoPtr->minVal + ((pos + pixels / 2) / pixels);
+    if (!infoPtr->page)
+        range = infoPtr->maxVal - infoPtr->minVal;
+    else
+        range = infoPtr->maxVal - infoPtr->minVal - infoPtr->page + 1;
+
+    return infoPtr->minVal + MulDiv(pos, range, pixels);
 }
 
 /***********************************************************************
-- 
1.6.0.4