diff --git a/ChangeLog b/ChangeLog
index 3b4f347b7e..5c14bf7d54 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -26,6 +26,7 @@
- heifload: prevent possible int overflow for large images [kleisauke]
- tiffload: add missing read loop [kleisauke]
- prevent possible use-after-free when debugging via `--vips-leak` flag [lovell]
+- avoid possible overflow when multiplication result is cast up [lovell]
10/10/24 8.16.0
diff --git a/libvips/arithmetic/hist_find_indexed.c b/libvips/arithmetic/hist_find_indexed.c
index 9c61ab7684..e6436d7294 100644
--- a/libvips/arithmetic/hist_find_indexed.c
+++ b/libvips/arithmetic/hist_find_indexed.c
@@ -117,8 +117,8 @@ histogram_new(VipsHistFindIndexed *indexed)
!(hist->reg = vips_region_new(indexed->index_ready)))
return NULL;
- memset(hist->bins, 0, bands * hist->size * sizeof(double));
- memset(hist->init, 0, hist->size * sizeof(int));
+ memset(hist->bins, 0, (size_t) bands * hist->size * sizeof(double));
+ memset(hist->init, 0, (size_t) hist->size * sizeof(int));
return hist;
}
diff --git a/libvips/arithmetic/project.c b/libvips/arithmetic/project.c
index e2f7f240df..9585cb0426 100644
--- a/libvips/arithmetic/project.c
+++ b/libvips/arithmetic/project.c
@@ -109,8 +109,8 @@ histogram_new(VipsProject *project)
!hist->row_sums)
return NULL;
- memset(hist->column_sums, 0, psize * in->Xsize);
- memset(hist->row_sums, 0, psize * in->Ysize);
+ memset(hist->column_sums, 0, (size_t) psize * in->Xsize);
+ memset(hist->row_sums, 0, (size_t) psize * in->Ysize);
return hist;
}
diff --git a/libvips/colour/LCh2UCS.c b/libvips/colour/LCh2UCS.c
index eeb2fe669a..1d3fa92873 100644
--- a/libvips/colour/LCh2UCS.c
+++ b/libvips/colour/LCh2UCS.c
@@ -165,9 +165,9 @@ vips_col_Ch2hcmc(float C, float h)
}
P = cos(VIPS_RAD(k7 * h + k8));
- D = k4 + k5 * P * pow(VIPS_FABS(P), k6);
+ D = k4 + k5 * P * powf(fabsf(P), k6);
g = C * C * C * C;
- f = sqrt(g / (g + 1900.0));
+ f = sqrtf(g / (g + 1900.0F));
hcmc = h + D * f;
return hcmc;
diff --git a/libvips/conversion/bandfold.c b/libvips/conversion/bandfold.c
index 707e6d3187..33dbee4323 100644
--- a/libvips/conversion/bandfold.c
+++ b/libvips/conversion/bandfold.c
@@ -96,7 +96,7 @@ vips_bandfold_gen(VipsRegion *out_region,
/* We can't use vips_region_region() since we change pixel
* coordinates.
*/
- memcpy(q, p, psize * r->width);
+ memcpy(q, p, (size_t) psize * r->width);
}
return 0;
diff --git a/libvips/conversion/bandunfold.c b/libvips/conversion/bandunfold.c
index 6bec18c835..cfc4f9df31 100644
--- a/libvips/conversion/bandunfold.c
+++ b/libvips/conversion/bandunfold.c
@@ -99,7 +99,7 @@ vips_bandunfold_gen(VipsRegion *out_region,
/* We can't use vips_region_region() since we change pixel
* coordinates.
*/
- memcpy(q, p, r->width * psize);
+ memcpy(q, p, (size_t) r->width * psize);
}
return 0;
diff --git a/libvips/conversion/composite.cpp b/libvips/conversion/composite.cpp
index 2c5bafd66f..86f83b4c1a 100644
--- a/libvips/conversion/composite.cpp
+++ b/libvips/conversion/composite.cpp
@@ -899,7 +899,7 @@ vips_composite_base_blend3(VipsCompositeSequence *seq,
/* You can't sqrt a vector, so we must loop.
*/
for (int b = 0; b < 3; b++) {
- double g;
+ float g;
if (B[b] <= 0.25)
g = ((16 * B[b] - 12) * B[b] + 4) * B[b];
diff --git a/libvips/conversion/embed.c b/libvips/conversion/embed.c
index c1cbf181de..5d4b96b0dd 100644
--- a/libvips/conversion/embed.c
+++ b/libvips/conversion/embed.c
@@ -217,7 +217,7 @@ vips_embed_base_paint_edge(VipsEmbedBase *base,
*/
for (y = 0; y < todo.height; y++) {
q = VIPS_REGION_ADDR(out_region, todo.left, todo.top + y);
- memcpy(q, p, bs * todo.width);
+ memcpy(q, p, (size_t) bs * todo.width);
}
}
diff --git a/libvips/foreign/jp2ksave.c b/libvips/foreign/jp2ksave.c
index bbdc2025ae..58205af906 100644
--- a/libvips/foreign/jp2ksave.c
+++ b/libvips/foreign/jp2ksave.c
@@ -482,7 +482,7 @@ vips_foreign_save_jp2k_sizeof_tile(VipsForeignSaveJp2k *jp2k, VipsRect *tile)
(double) tile->height / comp->dy);
;
- size += output_width * output_height * sizeof_element;
+ size += (size_t) output_width * output_height * sizeof_element;
}
return size;
diff --git a/libvips/foreign/nsgifload.c b/libvips/foreign/nsgifload.c
index ba24ff2b8c..366a3f6837 100644
--- a/libvips/foreign/nsgifload.c
+++ b/libvips/foreign/nsgifload.c
@@ -512,7 +512,7 @@ vips_foreign_load_nsgif_generate(VipsRegion *out_region,
gif->frame_number = page;
}
- p = (VipsPel *) gif->bitmap + line * gif->info->width * sizeof(int);
+ p = (VipsPel *) gif->bitmap + (size_t) line * gif->info->width * sizeof(int);
q = VIPS_REGION_ADDR(out_region, 0, r->top + y);
if (gif->has_transparency)
memcpy(q, p, VIPS_REGION_SIZEOF_LINE(out_region));
diff --git a/libvips/foreign/tiff2vips.c b/libvips/foreign/tiff2vips.c
index 3977031811..dbdfe679f7 100644
--- a/libvips/foreign/tiff2vips.c
+++ b/libvips/foreign/tiff2vips.c
@@ -1659,7 +1659,7 @@ static void
rtiff_memcpy_f16_line(Rtiff *rtiff, VipsPel *q, VipsPel *p, int n, void *client)
{
VipsImage *im = (VipsImage *) client;
- size_t len = n * im->Bands;
+ size_t len = (size_t) n * im->Bands;
if (im->BandFmt == VIPS_FORMAT_COMPLEX ||
im->BandFmt == VIPS_FORMAT_DPCOMPLEX)
@@ -2107,7 +2107,7 @@ rtiff_decompress_jpeg_run(Rtiff *rtiff, j_decompress_ptr cinfo,
}
jpeg_calc_output_dimensions(cinfo);
- bytes_per_scanline = cinfo->output_width * bytes_per_pixel;
+ bytes_per_scanline = (size_t) cinfo->output_width * bytes_per_pixel;
/* Double-check tile dimensions.
*/
diff --git a/libvips/foreign/vips2tiff.c b/libvips/foreign/vips2tiff.c
index 9a85861409..afad50b8bc 100644
--- a/libvips/foreign/vips2tiff.c
+++ b/libvips/foreign/vips2tiff.c
@@ -2302,7 +2302,7 @@ wtiff_copy_tiles(Wtiff *wtiff, TIFF *out, TIFF *in)
* simpler than searching every page for the largest tile with
* TIFFTAG_TILEBYTECOUNTS.
*/
- tile_size = 2 * wtiff->tls * wtiff->tileh;
+ tile_size = (tsize_t) 2 * wtiff->tls * wtiff->tileh;
buf = vips_malloc(NULL, tile_size);
diff --git a/libvips/foreign/webp2vips.c b/libvips/foreign/webp2vips.c
index 03cd483c13..2844dae8d4 100644
--- a/libvips/foreign/webp2vips.c
+++ b/libvips/foreign/webp2vips.c
@@ -305,7 +305,7 @@ vips_image_paint_image(VipsImage *frame,
}
else
memcpy((char *) q, (char *) p,
- ovl.width * ps);
+ (size_t) ovl.width * ps);
p += VIPS_IMAGE_SIZEOF_LINE(sub);
q += VIPS_IMAGE_SIZEOF_LINE(frame);
diff --git a/libvips/foreign/webpsave.c b/libvips/foreign/webpsave.c
index 452a77d7cc..4a44954e9f 100644
--- a/libvips/foreign/webpsave.c
+++ b/libvips/foreign/webpsave.c
@@ -355,7 +355,7 @@ vips_foreign_save_webp_sink_disc(VipsRegion *region, VipsRect *area, void *a)
memcpy(webp->frame_bytes +
area->width * webp->write_y * save->ready->Bands,
VIPS_REGION_ADDR(region, 0, area->top + i),
- area->width * save->ready->Bands);
+ (size_t) area->width * save->ready->Bands);
webp->write_y += 1;
diff --git a/libvips/iofuncs/image.c b/libvips/iofuncs/image.c
index 7794a0bf1c..e6bcc4c05d 100644
--- a/libvips/iofuncs/image.c
+++ b/libvips/iofuncs/image.c
@@ -3241,7 +3241,7 @@ vips_image_write_line(VipsImage *image, int ypos, VipsPel *linebuffer)
/* Trigger evaluation callbacks for this image.
*/
- vips_image_eval(image, ypos * image->Xsize);
+ vips_image_eval(image, (guint64) ypos * image->Xsize);
if (vips_image_iskilled(image))
return -1;
diff --git a/libvips/iofuncs/sink.c b/libvips/iofuncs/sink.c
index 5ae8ea1e92..80821855fe 100644
--- a/libvips/iofuncs/sink.c
+++ b/libvips/iofuncs/sink.c
@@ -238,7 +238,7 @@ sink_area_allocate_fn(VipsThreadState *state, void *a, gboolean *stop)
/* Add the number of pixels we've just allocated to progress.
*/
- sink_base->processed += state->pos.width * state->pos.height;
+ sink_base->processed += (guint64) state->pos.width * state->pos.height;
return 0;
}
diff --git a/libvips/iofuncs/sinkdisc.c b/libvips/iofuncs/sinkdisc.c
index 86a2549837..718734fe3e 100644
--- a/libvips/iofuncs/sinkdisc.c
+++ b/libvips/iofuncs/sinkdisc.c
@@ -410,7 +410,7 @@ wbuffer_allocate_fn(VipsThreadState *state, void *a, gboolean *stop)
/* Add the number of pixels we've just allocated to progress.
*/
- sink_base->processed += state->pos.width * state->pos.height;
+ sink_base->processed += (guint64) state->pos.width * state->pos.height;
return 0;
}
diff --git a/libvips/iofuncs/sinkmemory.c b/libvips/iofuncs/sinkmemory.c
index 7808fc95f6..ba8994f47b 100644
--- a/libvips/iofuncs/sinkmemory.c
+++ b/libvips/iofuncs/sinkmemory.c
@@ -244,7 +244,7 @@ sink_memory_area_allocate_fn(VipsThreadState *state, void *a, gboolean *stop)
/* Add the number of pixels we've just allocated to progress.
*/
- sink_base->processed += state->pos.width * state->pos.height;
+ sink_base->processed += (guint64) state->pos.width * state->pos.height;
return 0;
}
diff --git a/libvips/mosaicing/matrixinvert.c b/libvips/mosaicing/matrixinvert.c
index 22bbb1cc4a..65303b9fa6 100644
--- a/libvips/mosaicing/matrixinvert.c
+++ b/libvips/mosaicing/matrixinvert.c
@@ -129,7 +129,7 @@ lu_decomp(VipsImage *mat)
/* copy all coefficients and then perform decomposition in-place */
memcpy(VIPS_MATRIX(lu, 0, 0), VIPS_MATRIX(mat, 0, 0),
- mat->Xsize * mat->Xsize * sizeof(double));
+ (size_t) mat->Xsize * mat->Xsize * sizeof(double));
for (i = 0; i < mat->Xsize; ++i) {
row_scale[i] = 0.0;
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy