[gimp] plug-ins: fix integer overflow in print-draw-page.c



commit cd4401fee470438a7ca9201822d2e891415fdb31
Author: Jacob Boerema <jgboerema gmail com>
Date:   Mon Apr 25 14:21:01 2022 -0400

    plug-ins: fix integer overflow in print-draw-page.c
    
    As mentioned by Massimo in issue #6618, part of the problem there is an
    integer overflow when using large size images when computing the offset
    in pixels.
    
    Let's fix our part of the problem by casting to guint64.
    Besides that, also use casts to correctly compute progress for very
    large images.

 plug-ins/print/print-draw-page.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
---
diff --git a/plug-ins/print/print-draw-page.c b/plug-ins/print/print-draw-page.c
index 324d1a8428..0f264efc53 100644
--- a/plug-ins/print/print-draw-page.c
+++ b/plug-ins/print/print-draw-page.c
@@ -99,7 +99,7 @@ print_surface_from_drawable (GimpDrawable  *drawable,
   guchar             *pixels;
   gint                stride;
   guint               count    = 0;
-  guint               done     = 0;
+  guint64             done     = 0;
 
   if (gimp_drawable_has_alpha (drawable))
     format = babl_format ("cairo-ARGB32");
@@ -145,7 +145,7 @@ print_surface_from_drawable (GimpDrawable  *drawable,
   while (gegl_buffer_iterator_next (iter))
     {
       const guchar *src  = iter->items[0].data;
-      guchar       *dest = pixels + iter->items[0].roi.y * stride + iter->items[0].roi.x * 4;
+      guchar       *dest = pixels + (guint64) iter->items[0].roi.y * stride + iter->items[0].roi.x * 4;
       gint          y;
 
       for (y = 0; y < iter->items[0].roi.height; y++)
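Review bot: The new `dest` computation widens only the `roi.y * stride` term, and it uses `guint64` rather than a pointer-sized type, while `iter->items[0].roi.x * 4` is still evaluated in `gint`. Casting both terms to `gsize` keeps the whole offset in a single pointer-width unsigned type: `guchar *dest = pixels + (gsize) iter->items[0].roi.y * stride + (gsize) iter->items[0].roi.x * 4;`. This assumes `roi.x`, `roi.y` and `stride` are never negative at this point, which the hunk does not show. On a 32-bit build no cast can make an oversized offset valid, so the size limit has to be enforced where the surface is allocated, outside this hunk. The `while` loop body also continues past the end of the hunk.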
@@ -156,10 +156,10 @@ print_surface_from_drawable (GimpDrawable  *drawable,
           dest += stride;
         }
 
-      done += iter->items[0].roi.height * iter->items[0].roi.width;
+      done += (guint64) iter->items[0].roi.height * iter->items[0].roi.width;
 
       if (count++ % 16 == 0)
-        gimp_progress_update ((gdouble) done / (width * height));
+        gimp_progress_update ((gdouble) done / ((gdouble) width * height));
     }
 
   g_object_unref (buffer);
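Review bot: The casts added at `done +=` and in the `gimp_progress_update` call carry no comment, so a later cleanup could remove them as redundant and bring the overflow back. A one-line comment above `done +=` would record the reason, for example `/* widen before multiplying: height * width can exceed the int range for very large images */`. `width` and `height` are declared outside the hunk (presumably as `gint`), so the same remark applies to the `(gdouble) width * height` divisor.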

