New subject: [Bug 29767] ellipse_first_quadrant() runs into dead loop for large width and height because of negative overflow

2 Feb 2012


      http://bugs.winehq.org/show_bug.cgi?id=29767
Bug #: 29767
           Summary: ellipse_first_quadrant() runs into dead loop for large
                    width and height because of negative overflow
           Product: Wine
           Version: 1.4-rc1
          Platform: x86
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: gdi32
        AssignedTo: wine-bugs@winehq.org
        ReportedBy: jiashulu@gmail.com
    Classification: Unclassified
The ellipse_first_quadrant() function located in dlls/gdi32/dibdrv/graphics.c
is used to compute points of an ellipse. When provided large width and height
parameters, it will fall into dead loop and finally result in an access
violation exception.
To reproduce, just pass the following parameters to ellipse_first_quadrant(): 
width = 815, height = 815
The problem is that the following line will encounter negative overflow:
int dx  = 4 * b * b * (1 - a);
which makes the two if statement in the while loop to be false.
-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

[Bug 29767] New: ellipse_first_quadrant() runs into dead loop for large width and height because of negative overflow