http://bugs.winehq.org/show_bug.cgi?id=29767 Bug #: 29767 Summary: ellipse_first_quadrant() runs into dead loop for large width and height because of negative overflow Product: Wine Version: 1.4-rc1 Platform: x86 OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: gdi32 AssignedTo: wine-bugs(a)winehq.org ReportedBy: jiashulu(a)gmail.com Classification: Unclassified The ellipse_first_quadrant() function located in dlls/gdi32/dibdrv/graphics.c is used to compute points of an ellipse. When provided large width and height parameters, it will fall into dead loop and finally result in an access violation exception. To reproduce, just pass the following parameters to ellipse_first_quadrant(): width = 815, height = 815 The problem is that the following line will encounter negative overflow: int dx = 4 * b * b * (1 - a); which makes the two if statement in the while loop to be false. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.