http://git.etersoft.ru/projects / wine / eterwine.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 62b5963)
gdi32: Avoid an integer overflow in GetCharABCWidthsA.
authorAkihiro Sagawa <sagawa.aki@gmail.com>
Sun, 16 Jan 2011 14:00:21 +0000 (23:00 +0900)
committerAlexandre Julliard <julliard@winehq.org>
Mon, 17 Jan 2011 15:00:12 +0000 (16:00 +0100)
dlls/gdi32/font.c patch | blob | blame | history

diff --git a/dlls/gdi32/font.c b/dlls/gdi32/font.c
index 75a714bfd6c1fa44472673faaa74cdc668d253a2..cf29addfa7089cb299a21fd29b71d1c3c36374e6 100644 (file)
--- a/dlls/gdi32/font.c
+++ b/dlls/gdi32/font.c
@@ -2296,16 +2296,16 @@ BOOL WINAPI GetAspectRatioFilterEx( HDC hdc, LPSIZE pAspectRatio )
 BOOL WINAPI GetCharABCWidthsA(HDC hdc, UINT firstChar, UINT lastChar,
                                   LPABC abc )
 {
-    INT i, wlen;
+    INT i, wlen, count = (INT)(lastChar - firstChar + 1);
     UINT c;
     LPSTR str;
     LPWSTR wstr;
     BOOL ret = TRUE;
 
-    if (lastChar < firstChar)
+    if (count <= 0)
         return FALSE;
 
-    str = HeapAlloc(GetProcessHeap(), 0, (lastChar - firstChar + 1) * 2 + 1);
+    str = HeapAlloc(GetProcessHeap(), 0, count * 2 + 1);
     if (str == NULL)
         return FALSE;
 
eterwine