From 383d69c421b289d247ec60966f87476a1988cc68 Mon Sep 17 00:00:00 2001 From: ed Date: Wed, 28 Aug 2019 10:41:04 +0100 Subject: [PATCH] Prevent integer overflow in BitmapData::getLinePointer() and BitmapData::getPixelPointer() --- modules/juce_graphics/images/juce_Image.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/juce_graphics/images/juce_Image.h b/modules/juce_graphics/images/juce_Image.h index 5e3b6700e5..10d2c36046 100644 --- a/modules/juce_graphics/images/juce_Image.h +++ b/modules/juce_graphics/images/juce_Image.h @@ -326,13 +326,13 @@ public: The coordinate you provide here isn't checked, so it's the caller's responsibility to make sure it's not out-of-range. */ - inline uint8* getLinePointer (int y) const noexcept { return data + y * lineStride; } + inline uint8* getLinePointer (int y) const noexcept { return data + (size_t) y * (size_t) lineStride; } /** Returns a pointer to a pixel in the image. The coordinates you give here are not checked, so it's the caller's responsibility to make sure they're not out-of-range. */ - inline uint8* getPixelPointer (int x, int y) const noexcept { return data + y * lineStride + x * pixelStride; } + inline uint8* getPixelPointer (int x, int y) const noexcept { return data + (size_t) y * (size_t) lineStride + (size_t) x * (size_t) pixelStride; } /** Returns the colour of a given pixel. For performance reasons, this won't do any bounds-checking on the coordinates, so it's the caller's