Hi,
Coverity says something about array indices in CreatePolyPolygonRgn and I see some code that looks bad:
if (((nbpolygons == 1) && ((*Count == 4) || ((*Count == 5) && (Pts[4].x == Pts[0].x) && (Pts[4].y == Pts[0].y))) && (((Pts[0].y == Pts[1].y) && (Pts[1].x == Pts[2].x) && (Pts[2].y == Pts[3].y) && (Pts[3].x == Pts[0].x)) || ((Pts[0].x == Pts[1].x) && (Pts[1].y == Pts[2].y) && (Pts[2].x == Pts[3].x) && (Pts[3].y == Pts[0].y)))))
The braces seems to be mismatched, so that even for *Count==4 it dereferences Pts[4].
But I cannot really make sense of the Count==5 version either, it seems broken too. Pts[4] is compared to Pts[0] points, but then again the 4 point polygon is compared.
Anyone? git blame says its from Alexandre in 1998 ...
Ciao, Marcus
Marcus Meissner wrote:
Hi,
Coverity says something about array indices in CreatePolyPolygonRgn and I see some code that looks bad:
if (((nbpolygons == 1) && ((*Count == 4) || ((*Count == 5) && (Pts[4].x == Pts[0].x) && (Pts[4].y == Pts[0].y))) && (((Pts[0].y == Pts[1].y) && (Pts[1].x == Pts[2].x) && (Pts[2].y == Pts[3].y) && (Pts[3].x == Pts[0].x)) || ((Pts[0].x == Pts[1].x) && (Pts[1].y == Pts[2].y) && (Pts[2].x == Pts[3].x) && (Pts[3].y == Pts[0].y)))))The braces seems to be mismatched, so that even for *Count==4 it dereferences Pts[4].
But I cannot really make sense of the Count==5 version either, it seems broken too. Pts[4] is compared to Pts[0] points, but then again the 4 point polygon is compared.
Anyone? git blame says its from Alexandre in 1998 ...
Marcus:
At first look, there appears to be an extra set of paraenthesis in this. Remove the first left and last right.
James McKenzie
-
James McKenzie -
Marcus Meissner