From b1e706bf7ea74263e9100506ef11f8060cc76616 Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Tue, 7 Jun 2005 20:44:14 +0000 Subject: [PATCH] Integer overflow in game_size(). Oops. [originally from svn r5921] --- rect.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/rect.c b/rect.c index f0e5e79..9a8846c 100644 --- a/rect.c +++ b/rect.c @@ -2307,9 +2307,12 @@ static void game_size(game_params *params, game_drawstate *ds, * Each window dimension equals the tile size times 1.5 more * than the grid dimension (the border is 3/4 the width of the * tiles). + * + * We must cast to unsigned before multiplying by two, because + * *x might be INT_MAX. */ - tsx = 2 * *x / (2 * params->w + 3); - tsy = 2 * *y / (2 * params->h + 3); + tsx = 2 * (unsigned)*x / (2 * params->w + 3); + tsy = 2 * (unsigned)*y / (2 * params->h + 3); ts = min(tsx, tsy); if (expand) ds->tilesize = ts;