Add typecast to prevent overflow of arithmatic results

Change-Id: I97665ec4d67ecae523eb236667f538cbc78e033c
(cherry picked from commit 4e83674d5adcada847e07b35252542afc5b2636d)

diff --git a/packaging/libheif.spec b/packaging/libheif.spec
index d5b8617ca086d27ce3357ce45b360d492a83db6f..c9c19911cdba0350ce0ddc48998ca8ae842c0eb3 100644 (file)
--- a/packaging/libheif.spec
+++ b/packaging/libheif.spec
@@ -1,6 +1,6 @@
 Name:       libheif
 Summary:    Multimedia Framework Library for HEIF(ISO/IEC 23008-12) image
-Version:    0.0.7
+Version:    0.0.8
 Release:    0
 Group:      Multimedia/Libraries
 License:    Apache-2.0

diff --git a/src/heif_decoder.c b/src/heif_decoder.c
index 84df26dd33ae4e44342cfbcd38b248823a37c618..c3636c8becf70a44021208e7ef2ee64e13a4a570 100644 (file)
--- a/src/heif_decoder.c
+++ b/src/heif_decoder.c
@@ -183,13 +183,14 @@ static size_t __get_image_data_size(unsigned int width, unsigned int height, hei
 {
        size_t data_size = 0;
        size_t y_size = 0, u_size = 0, v_size = 0;
+       size_t _width = (size_t)width;
 
        heif_retvm_if_failed(width > 0, 0, "invalid width");
        heif_retvm_if_failed(height > 0, 0, "invalid height");
 
        switch (color_format) {
        case HEIF_COLOR_FORMAT_RGB24:
-               data_size = width * height * 3;
+               data_size = _width * height * 3;
                break;
 
        case HEIF_COLOR_FORMAT_ARGB:
@@ -197,13 +198,13 @@ static size_t __get_image_data_size(unsigned int width, unsigned int height, hei
        case HEIF_COLOR_FORMAT_BGRA:
                // fall through
        case HEIF_COLOR_FORMAT_RGBA:
-               data_size = width * height * 4;
+               data_size = _width * height * 4;
                break;
 
        case HEIF_COLOR_FORMAT_YUV420P:
-               y_size = width * height;
-               u_size = width / 2 * height / 2;
-               v_size = width / 2 * height / 2;
+               y_size = _width * height;
+               u_size = _width / 2 * height / 2;
+               v_size = _width / 2 * height / 2;
                heif_info("y_size: %zu, u_size: %zu, v_size: %zu", y_size, u_size, v_size);
                data_size = y_size + u_size + v_size;
                break;
@@ -252,7 +253,7 @@ static int __create_output_image(heif_image_item_h image_item, heif_color_format
 static int __combine_rgb(heif_image_t *tile_image, unsigned int pos_x, unsigned int pos_y, heif_image_t *combine_image)
 {
        unsigned int bpp = 0;   /* byte per pixel */
-       unsigned int combine_stride = 0, tile_stride = 0;
+       size_t combine_stride = 0, tile_stride = 0;
        unsigned int row = 0;
        size_t copy_n = 0;
        size_t total_copied_n = 0;
@@ -282,9 +283,9 @@ static int __combine_rgb(heif_image_t *tile_image, unsigned int pos_x, unsigned
        }
 
        // combine_stride: row-bytes of combine_image
-       combine_stride = combine_image->width * bpp;
+       combine_stride = (size_t)(combine_image->width) * bpp;
        // tile_stride: row-bytes of tile
-       tile_stride = tile_image->width * bpp;
+       tile_stride = (size_t)(tile_image->width) * bpp;
        // copy_n: bytes to copy to combine_image
        // Because the tile image was designed by the encoder limit of the device that was taken.
        // The tile image doesn't make up the whole image(combine_image) properly.
@@ -334,8 +335,7 @@ static int __combine_rgb(heif_image_t *tile_image, unsigned int pos_x, unsigned
 
 static int __combine_yuv(heif_image_t *tile_image, unsigned int pos_x, unsigned int pos_y, heif_image_t *combine_image)
 {
-       unsigned int combine_stride = 0;
-       unsigned int tile_stride = 0;
+       size_t combine_stride = 0, tile_stride = 0;
        unsigned int row = 0;
        size_t copy_n = 0;
        size_t total_copied_n[3] = { 0, };

diff --git a/test/test.sh b/test/test.sh
index a5de2eb08851ad5f77e06a8568034303338ff6fe..cb7ca34e675b8fdd0ad2a135661d47b204342361 100755 (executable)
--- a/test/test.sh
+++ b/test/test.sh
@@ -18,7 +18,7 @@
 
 @echo off
 # VERSION should be same with library version.
-VERSION=0.0.4
+VERSION=0.0.8
 ARM=armv7l
 X86=i586
 AARCH64=aarch64