From d4924bf9a162a0045ac35e78b8a2785671137ddf Mon Sep 17 00:00:00 2001
From: Akihiro Sagawa <sagawa.aki@gmail.com>
Date: Sun, 16 Jan 2011 23:00:21 +0900
Subject: [PATCH] gdi32: Avoid an integer overflow in GetCharABCWidthsA.

---
 dlls/gdi32/font.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/dlls/gdi32/font.c b/dlls/gdi32/font.c
index 75a714bfd6c..cf29addfa70 100644
--- a/dlls/gdi32/font.c
+++ b/dlls/gdi32/font.c
@@ -2296,16 +2296,16 @@ BOOL WINAPI GetAspectRatioFilterEx( HDC hdc, LPSIZE pAspectRatio )
 BOOL WINAPI GetCharABCWidthsA(HDC hdc, UINT firstChar, UINT lastChar,
                                   LPABC abc )
 {
-    INT i, wlen;
+    INT i, wlen, count = (INT)(lastChar - firstChar + 1);
     UINT c;
     LPSTR str;
     LPWSTR wstr;
     BOOL ret = TRUE;
 
-    if (lastChar < firstChar)
+    if (count <= 0)
         return FALSE;
 
-    str = HeapAlloc(GetProcessHeap(), 0, (lastChar - firstChar + 1) * 2 + 1);
+    str = HeapAlloc(GetProcessHeap(), 0, count * 2 + 1);
     if (str == NULL)
         return FALSE;