sergiotarxz/libvips
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix int overflow in vips_region_copy

Browse Source 
this could cause crashes with very wide images, see:

https://github.com/libvips/libvips/issues/1989
This commit is contained in:
John Cupitt 2021-02-22 10:02:03 +00:00
parent 75959ece6a
commit 44688e2702
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
libvips/iofuncs/region.c
View File

@ -48,6 +48,9 @@
* 9/6/19 * 9/6/19
* - saner behaviour for vips_region_fetch() if the request is partly * - saner behaviour for vips_region_fetch() if the request is partly
* outside the image * outside the image
* 22/2/21 f1ac
* - fix int overflow in vips_region_copy(), could cause crashes with
* very wide images
*/ */
/* /*
@ -1048,12 +1051,13 @@ void
vips_region_copy( VipsRegion *reg, vips_region_copy( VipsRegion *reg,
VipsRegion *dest, const VipsRect *r, int x, int y ) VipsRegion *dest, const VipsRect *r, int x, int y )
{ {
int z; size_t len = VIPS_IMAGE_SIZEOF_PEL( reg->im ) * r->width;
int len = VIPS_IMAGE_SIZEOF_PEL( reg->im ) * r->width;
VipsPel *p = VIPS_REGION_ADDR( reg, r->left, r->top ); VipsPel *p = VIPS_REGION_ADDR( reg, r->left, r->top );
VipsPel *q = VIPS_REGION_ADDR( dest, x, y ); VipsPel *q = VIPS_REGION_ADDR( dest, x, y );
int plsk = VIPS_REGION_LSKIP( reg ); size_t plsk = VIPS_REGION_LSKIP( reg );
int qlsk = VIPS_REGION_LSKIP( dest ); size_t qlsk = VIPS_REGION_LSKIP( dest );
int z;
#ifdef DEBUG #ifdef DEBUG
/* Find the area we will write to in dest. /* Find the area we will write to in dest.