From 3d381403a88387d1599c3a63dd0bdf9bb97a2911 Mon Sep 17 00:00:00 2001
From: frosch <frosch@openttd.org>
Date: Sat, 25 Feb 2012 17:18:17 +0000
Subject: [PATCH] (svn r23986) -Fix (r23889): Invalid reads when scaling an
 odd-sized sprite smaller.

---
 src/spritecache.cpp | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/spritecache.cpp b/src/spritecache.cpp
index c77d3c5460..4b705fc94d 100644
--- a/src/spritecache.cpp
+++ b/src/spritecache.cpp
@@ -197,18 +197,19 @@ static void ResizeSpriteOut(SpriteLoader::Sprite *sprite, ZoomLevel zoom)
 	const SpriteLoader::CommonPixel *src_end = src + sprite[zoom - 1].height * sprite[zoom - 1].width;
 
 	for (uint y = 0; y < sprite[zoom].height; y++) {
-		if (src >= src_end) src = src_end - sprite[zoom - 1].width;
-
-		const SpriteLoader::CommonPixel *src_ln = src + sprite[zoom - 1].width * 2;
+		const SpriteLoader::CommonPixel *src_ln = src + sprite[zoom - 1].width;
+		assert(src_ln <= src_end);
 		for (uint x = 0; x < sprite[zoom].width; x++) {
-			if (src >= src_ln) src = src_ln - 1;
-			if ((src + 1)->a != 0) { *dst = *(src + 1); }
-			else { *dst = *src; }
+			assert(src < src_ln);
+			if (src + 1 != src_ln && (src + 1)->a != 0) {
+				*dst = *(src + 1);
+			} else {
+				*dst = *src;
+			}
 			dst++;
 			src += 2;
 		}
-
-		src = src_ln;
+		src = src_ln + sprite[zoom - 1].width;
 	}
 }