# HG changeset patch
# User jkeil
# Date 1031661499 0
# Node ID 757e876d36fefee64499c684f9dbba11aeb2144c
# Parent  064ada190b6c4e9dc871b7486276ade9a585bf4b
Off-by-one error allocating bitmap, when (width*height) % 8 != 0
The code was writing beyond allocated memory, and could corrupt malloc heap.

diff -r 064ada190b6c -r 757e876d36fe Gui/bitmap.c
--- a/Gui/bitmap.c	Mon Sep 09 22:48:39 2002 +0000
+++ b/Gui/bitmap.c	Tue Sep 10 12:38:19 2002 +0000
@@ -114,7 +114,7 @@
  out->Width=in->Width;
  out->Height=in->Height;
  out->BPP=1;
- out->ImageSize=out->Width * out->Height / 8;
+ out->ImageSize=(out->Width * out->Height + 7) / 8;
  mp_dbg( MSGT_GPLAYER,MSGL_DBG2,"[c1to32] imagesize: %d\n",out->ImageSize );
  out->Image=(char *)calloc( 1,out->ImageSize );
  if ( out->Image == NULL ) mp_msg( MSGT_GPLAYER,MSGL_STATUS,"nem van ram baze\n" );
diff -r 064ada190b6c -r 757e876d36fe Gui/bitmap/bitmap.c
--- a/Gui/bitmap/bitmap.c	Mon Sep 09 22:48:39 2002 +0000
+++ b/Gui/bitmap/bitmap.c	Tue Sep 10 12:38:19 2002 +0000
@@ -114,7 +114,7 @@
  out->Width=in->Width;
  out->Height=in->Height;
  out->BPP=1;
- out->ImageSize=out->Width * out->Height / 8;
+ out->ImageSize=(out->Width * out->Height + 7) / 8;
  mp_dbg( MSGT_GPLAYER,MSGL_DBG2,"[c1to32] imagesize: %d\n",out->ImageSize );
  out->Image=(char *)calloc( 1,out->ImageSize );
  if ( out->Image == NULL ) mp_msg( MSGT_GPLAYER,MSGL_STATUS,"nem van ram baze\n" );