Integer overflow in game_size(). Oops.

author Simon Tatham <anakin@pobox.com>

Tue, 7 Jun 2005 20:44:14 +0000 (20:44 +0000)

committer Simon Tatham <anakin@pobox.com>

Tue, 7 Jun 2005 20:44:14 +0000 (20:44 +0000)
author Simon Tatham <anakin@pobox.com>
Tue, 7 Jun 2005 20:44:14 +0000 (20:44 +0000)
committer Simon Tatham <anakin@pobox.com>
Tue, 7 Jun 2005 20:44:14 +0000 (20:44 +0000)
diff --git a/rect.c b/rect.c

index f0e5e79f1427bd959b34cb36f518276d8dd1e942..9a8846c43ca6eb0d1c623c3fb55059b3534c9da3 100644 (file)
--- a/rect.c
+++ b/rect.c
@@ -2307,9 +2307,12 @@ static void game_size(game_params *params, game_drawstate *ds,
       * Each window dimension equals the tile size times 1.5 more
       * than the grid dimension (the border is 3/4 the width of the
       * tiles).
+     * 
+     * We must cast to unsigned before multiplying by two, because
+     * *x might be INT_MAX.
       */
-    tsx = 2 * *x / (2 * params->w + 3);
-    tsy = 2 * *y / (2 * params->h + 3);
+    tsx = 2 * (unsigned)*x / (2 * params->w + 3);
+    tsy = 2 * (unsigned)*y / (2 * params->h + 3);
      ts = min(tsx, tsy);
      if (expand)
          ds->tilesize = ts;
author	Simon Tatham <anakin@pobox.com>
	Tue, 7 Jun 2005 20:44:14 +0000 (20:44 +0000)
committer	Simon Tatham <anakin@pobox.com>
	Tue, 7 Jun 2005 20:44:14 +0000 (20:44 +0000)