http://bugs.winehq.org/show_bug.cgi?id=29767
Bug #: 29767
Summary: ellipse_first_quadrant() runs into dead loop for large width and height because of negative overflow
Product: Wine
Version: 1.4-rc1
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gdi32
AssignedTo: wine-bugs@winehq.org
ReportedBy: jiashulu@gmail.com
Classification: Unclassified
The ellipse_first_quadrant() function in dlls/gdi32/dibdrv/graphics.c computes the points of an ellipse. When it is given large width and height parameters, it falls into an infinite (dead) loop and eventually triggers an access violation exception.
To reproduce, just pass the following parameters to ellipse_first_quadrant(): width = 815, height = 815
The problem is that the following line overflows in the negative direction (the product goes below INT_MIN): int dx = 4 * b * b * (1 - a); which causes both if statements inside the while loop to evaluate to false.
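The overflow described above, as an added example that is not Wine's code: it evaluates the reporter's expression in 64-bit arithmetic, checks whether the result fits a 32-bit int, and shows the wrapped value a 32-bit int would hold. It assumes the callee derives a = width - 1 and b = height - 1 (an assumption about the function, not stated in the report); under that assumption 815 is the first square size that overflows, matching the reporter's value.

```c
#include <stdbool.h>
#include <stdint.h>
#include <limits.h>

/* Evaluate dx = 4 * b * b * (1 - a) in 64-bit arithmetic and report whether
 * it fits a 32-bit int. Assumption: a = width - 1, b = height - 1. */
bool ellipse_dx_fits_int(int width, int height, int64_t *dx_out)
{
    int64_t a = (int64_t)width - 1;
    int64_t b = (int64_t)height - 1;
    int64_t dx = 4 * b * b * (1 - a);   /* no overflow in 64 bits */
    *dx_out = dx;
    return dx >= INT_MIN && dx <= INT_MAX;
}

/* Two's-complement wrap of a 64-bit value into the 32-bit range, done
 * portably so the demonstration itself never relies on undefined
 * behaviour. This is the value a wrapped 32-bit dx would hold. */
int64_t wrap_to_int32(int64_t v)
{
    const int64_t two32 = (int64_t)1 << 32;
    int64_t w = v % two32;
    if (w < 0) w += two32;
    if (w >= two32 / 2) w -= two32;
    return w;
}

/* Largest square size (width == height) for which dx still fits in an int.
 * Scans upward from 1 and stops at the first overflowing size. */
int largest_safe_square(void)
{
    int64_t dx;
    int size = 1;
    while (ellipse_dx_fits_int(size + 1, size + 1, &dx))
        size++;
    return size;
}
```

The wrapped value for 815 is positive, which is why a loop written around the sign of dx or err no longer makes progress.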