prevent integer overflow in multiplication

strukturag · Dec 18, 2024 · 97e517d · 97e517d
1 parent 5aabdab
commit 97e517d
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 8 deletions.
diff --git a/libheif/common_utils.cc b/libheif/common_utils.cc
@@ -62,6 +62,38 @@ uint8_t chroma_v_subsampling(heif_chroma c)
 }
 
 
+uint32_t get_subsampled_size_h(uint32_t width,
+                               heif_channel channel,
+                               heif_chroma chroma,
+                               bool round_up)
+{
+  if (channel == heif_channel_Cb ||
+      channel == heif_channel_Cr) {
+    uint8_t chromaSubH = chroma_h_subsampling(chroma);
+
+    // NOLINTNEXTLINE(clang-analyzer-core.DivideZero)
+    return (width + (round_up ? chromaSubH - 1 : 0)) / chromaSubH;
+  } else {
+    return width;
+  }
+}
+
+uint32_t get_subsampled_size_v(uint32_t height,
+                               heif_channel channel,
+                               heif_chroma chroma,
+                               bool round_up)
+{
+  if (channel == heif_channel_Cb ||
+      channel == heif_channel_Cr) {
+    uint8_t chromaSubV = chroma_v_subsampling(chroma);
+
+    // NOLINTNEXTLINE(clang-analyzer-core.DivideZero)
+    return (height + (round_up ? chromaSubV - 1 : 0)) / chromaSubV;
+  } else {
+    return height;
+  }
+}
+
 void get_subsampled_size(uint32_t width, uint32_t height,
                          heif_channel channel,
                          heif_chroma chroma,

diff --git a/libheif/common_utils.h b/libheif/common_utils.h
@@ -49,6 +49,16 @@ uint8_t chroma_h_subsampling(heif_chroma c);
 
 uint8_t chroma_v_subsampling(heif_chroma c);
 
+uint32_t get_subsampled_size_h(uint32_t width,
+                               heif_channel channel,
+                               heif_chroma chroma,
+                               bool round_up);
+
+uint32_t get_subsampled_size_v(uint32_t height,
+                               heif_channel channel,
+                               heif_chroma chroma,
+                               bool round_up);
+
 void get_subsampled_size(uint32_t width, uint32_t height,
                          heif_channel channel,
                          heif_chroma chroma,

diff --git a/libheif/pixelimage.cc b/libheif/pixelimage.cc
@@ -1014,7 +1014,7 @@ int HeifPixelImage::ImagePlane::get_bytes_per_pixel() const
 Result<std::shared_ptr<HeifPixelImage>> HeifPixelImage::crop(uint32_t left, uint32_t right, uint32_t top, uint32_t bottom,
                                                              const heif_security_limits* limits) const
 {
-  // --- for some subsampled chroma colorspaces, we have to transform to 4:4:4 before rotation
+  // --- for some subsampled chroma colorspaces, we have to transform to 4:4:4 before cropping
 
   bool need_conversion = false;
 
@@ -1050,13 +1050,10 @@ Result<std::shared_ptr<HeifPixelImage>> HeifPixelImage::crop(uint32_t left, uint
     heif_channel channel = plane_pair.first;
     const ImagePlane& plane = plane_pair.second;
 
-    uint32_t w = plane.m_width;
-    uint32_t h = plane.m_height;
-
-    uint32_t plane_left = left * w / m_width;
-    uint32_t plane_right = right * w / m_width;
-    uint32_t plane_top = top * h / m_height;
-    uint32_t plane_bottom = bottom * h / m_height;
+    uint32_t plane_left = get_subsampled_size_h(left, channel, m_chroma, false); // is always divisible
+    uint32_t plane_right = get_subsampled_size_h(right, channel, m_chroma, true); // keep more chroma
+    uint32_t plane_top = get_subsampled_size_v(top, channel, m_chroma, false); // is always divisible
+    uint32_t plane_bottom = get_subsampled_size_v(bottom, channel, m_chroma, true); // keep more chroma
 
     auto err = out_img->add_channel(channel,
                                     plane_right - plane_left + 1,