From 728076223812e11441f1f185c30d836c1269712e Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Wed, 19 Aug 2015 06:51:49 +0200 Subject: [PATCH] oleaut32: Fix possible integer overflow in VarR4FromDec. --- dlls/oleaut32/tests/vartype.c | 3 ++- dlls/oleaut32/vartype.c | 8 ++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/dlls/oleaut32/tests/vartype.c b/dlls/oleaut32/tests/vartype.c index 4dd77a0f818..7cbb059bcb4 100644 --- a/dlls/oleaut32/tests/vartype.c +++ b/dlls/oleaut32/tests/vartype.c @@ -2890,7 +2890,8 @@ static void test_VarR4FromDec(void) CONVERT_DEC(VarR4FromDec,2,0x80,0,3276800); EXPECT(-32768.0f); CONVERT_DEC(VarR4FromDec,2,0,0,3276700); EXPECT(32767.0f); - + CONVERT_DEC(VarR4FromDec,10,0,0,3276700); EXPECT(0.00032767f); + CONVERT_DEC(VarR4FromDec,0,0,1,0); EXPECT(18446744073709551616.0f); } diff --git a/dlls/oleaut32/vartype.c b/dlls/oleaut32/vartype.c index 607d1a2de2c..bf7ebc6d1c0 100644 --- a/dlls/oleaut32/vartype.c +++ b/dlls/oleaut32/vartype.c @@ -2948,28 +2948,28 @@ HRESULT WINAPI VarR4FromUI4(ULONG ulIn, float *pFltOut) HRESULT WINAPI VarR4FromDec(DECIMAL* pDecIn, float *pFltOut) { BYTE scale = DEC_SCALE(pDecIn); - int divisor = 1; + double divisor = 1.0; double highPart; if (scale > DEC_MAX_SCALE || DEC_SIGN(pDecIn) & ~DECIMAL_NEG) return E_INVALIDARG; while (scale--) - divisor *= 10; + divisor *= 10.0; if (DEC_SIGN(pDecIn)) divisor = -divisor; if (DEC_HI32(pDecIn)) { - highPart = (double)DEC_HI32(pDecIn) / (double)divisor; + highPart = (double)DEC_HI32(pDecIn) / divisor; highPart *= 4294967296.0F; highPart *= 4294967296.0F; } else highPart = 0.0; - *pFltOut = (double)DEC_LO64(pDecIn) / (double)divisor + highPart; + *pFltOut = (double)DEC_LO64(pDecIn) / divisor + highPart; return S_OK; }