From fcf8fc3eaa34996cb89b156ba15ced767dc42f08 Mon Sep 17 00:00:00 2001 From: Jeroen Bakker Date: Fri, 10 Dec 2021 10:37:46 +0100 Subject: [PATCH] Fix Crash: Loading Huge Images. When loading huge images (30k) blender crashed with a buffer overflow. The reason is that determine the length of a buffer was done in 32bit precision and afterwards stored in 64 bit precision. This patch adds a new function to do the correct calculation in 64bit. It should be added to other sections in blender as well. But that should be tested on a per case situation. --- source/blender/imbuf/IMB_imbuf.h | 11 +++++++++++ source/blender/imbuf/intern/allocimbuf.c | 5 +++++ source/blender/imbuf/intern/scaling.c | 4 ++-- 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/source/blender/imbuf/IMB_imbuf.h b/source/blender/imbuf/IMB_imbuf.h index 6e8bed148d5..daa3dbd1f1a 100644 --- a/source/blender/imbuf/IMB_imbuf.h +++ b/source/blender/imbuf/IMB_imbuf.h @@ -200,6 +200,17 @@ bool addzbuffloatImBuf(struct ImBuf *ibuf); */ size_t IMB_get_size_in_memory(struct ImBuf *ibuf); +/** + * \brief Get the length of the rect of the given image buffer in terms of pixels. + * + * This is the width * the height of the image buffer. + * This function is preferred over `ibuf->x * ibuf->y` due to overflow issues when + * working with large resolution images (30kx30k). + * + * \attention Defined in allocimbuf.c + */ +size_t IMB_get_rect_len(const struct ImBuf *ibuf); + /** * * \attention Defined in rectop.c diff --git a/source/blender/imbuf/intern/allocimbuf.c b/source/blender/imbuf/intern/allocimbuf.c index 9bace323372..197d7e6b1d5 100644 --- a/source/blender/imbuf/intern/allocimbuf.c +++ b/source/blender/imbuf/intern/allocimbuf.c @@ -663,6 +663,11 @@ ImBuf *IMB_dupImBuf(const ImBuf *ibuf1) return ibuf2; } +size_t IMB_get_rect_len(const ImBuf *ibuf) +{ + return (size_t)ibuf->x * (size_t)ibuf->y; +} + size_t IMB_get_size_in_memory(ImBuf *ibuf) { int a; diff --git a/source/blender/imbuf/intern/scaling.c b/source/blender/imbuf/intern/scaling.c index 67d6cd68db5..a18ba6748de 100644 --- a/source/blender/imbuf/intern/scaling.c +++ b/source/blender/imbuf/intern/scaling.c @@ -911,7 +911,7 @@ static ImBuf *scaledownx(struct ImBuf *ibuf, int newx) { const int do_rect = (ibuf->rect != NULL); const int do_float = (ibuf->rect_float != NULL); - const size_t rect_size = ibuf->x * ibuf->y * 4; + const size_t rect_size = IMB_get_rect_len(ibuf) * 4; uchar *rect, *_newrect, *newrect; float *rectf, *_newrectf, *newrectf; @@ -1052,7 +1052,7 @@ static ImBuf *scaledowny(struct ImBuf *ibuf, int newy) { const int do_rect = (ibuf->rect != NULL); const int do_float = (ibuf->rect_float != NULL); - const size_t rect_size = ibuf->x * ibuf->y * 4; + const size_t rect_size = IMB_get_rect_len(ibuf) * 4; uchar *rect, *_newrect, *newrect; float *rectf, *_newrectf, *newrectf;