~mdw
/
sgt
/
puzzles
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(from parent 1:
ef429a6
)
Integer overflow in game_size(). Oops.
author
simon
<simon@cda61777-01e9-0310-a592-d414129be87e>
Tue, 7 Jun 2005 20:44:14 +0000
(20:44 +0000)
committer
simon
<simon@cda61777-01e9-0310-a592-d414129be87e>
Tue, 7 Jun 2005 20:44:14 +0000
(20:44 +0000)
git-svn-id: svn://svn.tartarus.org/sgt/puzzles@5921
cda61777
-01e9-0310-a592-
d414129be87e
rect.c
patch
|
blob
|
blame
|
history
diff --git
a/rect.c
b/rect.c
index
f0e5e79
..
9a8846c
100644
(file)
--- a/
rect.c
+++ b/
rect.c
@@
-2307,9
+2307,12
@@
static void game_size(game_params *params, game_drawstate *ds,
* Each window dimension equals the tile size times 1.5 more
* than the grid dimension (the border is 3/4 the width of the
* tiles).
+ *
+ * We must cast to unsigned before multiplying by two, because
+ * *x might be INT_MAX.
*/
- tsx = 2 * *x / (2 * params->w + 3);
- tsy = 2 * *y / (2 * params->h + 3);
+ tsx = 2 *
(unsigned)
*x / (2 * params->w + 3);
+ tsy = 2 *
(unsigned)
*y / (2 * params->h + 3);
ts = min(tsx, tsy);
if (expand)
ds->tilesize = ts;