image-rs / imageproc

Image processing operations
MIT License

Some arithmetic overflow bugs found by libfuzzer #537

Open kuzeyardabulut opened 1 year ago

kuzeyardabulut commented 1 year ago

Hi, I've been using libfuzzer to fuzz this crate, and I've found 2 APIs that may panic due to arithmetic overflow.

Issue Description

We are getting crashes in the adaptive_threshold function. The following code blocks trigger integer overflow.

https://github.com/image-rs/imageproc/blob/2bb334712bc39c1f20ad66e4f530208466d15612/src/integral_image.rs#L142
https://github.com/image-rs/imageproc/blob/2bb334712bc39c1f20ad66e4f530208466d15612/src/integral_image.rs#L174

Reproduction

Below is an example program that triggers an integer overflow. Simply calling imageproc::contrast::adaptive_threshold with specific image files triggers this vulnerability.

PoC

You can test both vulnerabilities by following the guide below.

Code:

use imageproc::contrast::adaptive_threshold;
use std::fs::read;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Path to one of the crashing inputs (first#174.png or second#142.png below).
    let file_path = "png_name";

    let buffer = read(file_path)?;

    // Decode with the `image` crate and convert to 8-bit grayscale,
    // which is the pixel type adaptive_threshold expects.
    let img = image::load_from_memory(&buffer)?;
    let luma_image = img.to_luma8();

    // Block radius 10; the overflow happens while building/querying the
    // integral image inside this call.
    let _ = adaptive_threshold(&luma_image, 10);

    println!("Done.");
    Ok(())
}

first#174.png -> This input will trigger this vulnerable code block: https://github.com/image-rs/imageproc/blob/2bb334712bc39c1f20ad66e4f530208466d15612/src/integral_image.rs#L174

second#142.png -> This input will trigger this vulnerable code block: https://github.com/image-rs/imageproc/blob/2bb334712bc39c1f20ad66e4f530208466d15612/src/integral_image.rs#L142

cospectrum commented 6 months ago

But what we can do about it? Find edge cases and assert?
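The report above points at the integral image (summed-area table) behind adaptive_threshold, and the reply asks what can be done about the overflow. The block below is an added example written for this page; it is not imageproc's code and does not reproduce the exact lines linked in the report. It shows the general failure mode and one hardening: a summed-area table and box-sum query built on checked arithmetic that return None instead of panicking, plus a local-mean threshold on top of them. The Gray and Integral types, the Acc trait, and the function names are all assumptions made here; the accumulator is generic so the overflow can be triggered on a tiny image with u16, rather than needing an image of more than u32::MAX / 255 (about 16.8 million) white pixels as a u32 table would.

```rust
// Added example (not imageproc code). Demonstrates accumulator overflow in a
// summed-area table and a checked version that reports it instead of panicking.

/// Accumulator types for the table. Generic so the overflow is reproducible on a
/// small image (u16) as well as the u32 a real integral image would use.
pub trait Acc: Copy + Default {
    fn from_u8(v: u8) -> Self;
    fn add_checked(self, other: Self) -> Option<Self>;
    fn sub_checked(self, other: Self) -> Option<Self>;
}

macro_rules! impl_acc { ($($t:ty),*) => { $(
    impl Acc for $t {
        fn from_u8(v: u8) -> Self { v as $t }
        fn add_checked(self, o: Self) -> Option<Self> { <$t>::checked_add(self, o) }
        fn sub_checked(self, o: Self) -> Option<Self> { <$t>::checked_sub(self, o) }
    }
)* } }
impl_acc!(u16, u32, u64);

/// Minimal 8-bit grayscale image, row-major (hypothetical type for this example).
pub struct Gray { pub width: usize, pub height: usize, pub data: Vec<u8> }

/// Summed-area table with an extra zero row and column, so box sums need no
/// special casing at the top/left edge. table[(y, x)] = sum of pixels in [0,x) x [0,y).
pub struct Integral<T> { pub width: usize, pub height: usize, table: Vec<T> }

/// Builds the table with checked adds: None means the accumulator overflowed.
pub fn integral_image<T: Acc>(img: &Gray) -> Option<Integral<T>> {
    let (w, h) = (img.width + 1, img.height + 1);
    let mut table = vec![T::default(); w * h];
    for y in 1..h {
        let mut row_sum = T::default();
        for x in 1..w {
            let px = T::from_u8(img.data[(y - 1) * img.width + (x - 1)]);
            row_sum = row_sum.add_checked(px)?;
            table[y * w + x] = table[(y - 1) * w + x].add_checked(row_sum)?;
        }
    }
    Some(Integral { width: img.width, height: img.height, table })
}

/// Sum of pixels in the inclusive rectangle [left, right] x [top, bottom].
/// Bounds are validated and the subtraction order keeps every partial result
/// non-negative for a valid table, so None only arises from bad input.
pub fn box_sum<T: Acc>(it: &Integral<T>, left: usize, top: usize, right: usize, bottom: usize) -> Option<T> {
    if left > right || top > bottom || right >= it.width || bottom >= it.height {
        return None;
    }
    let w = it.width + 1;
    let at = |x: usize, y: usize| it.table[y * w + x];
    // I(r+1,b+1) - I(l,b+1) + I(l,t) - I(r+1,t)
    at(right + 1, bottom + 1)
        .sub_checked(at(left, bottom + 1))?
        .add_checked(at(left, top))?
        .sub_checked(at(right + 1, top))
}

/// Local-mean threshold (assumed rule, not imageproc's exact one): a pixel becomes
/// 255 if it is >= the mean of the (2r+1)x(2r+1) block around it, clamped to the
/// image. Every sum is checked, so an overflow surfaces as None, not a panic.
pub fn adaptive_threshold_checked<T: Acc + Into<u64>>(img: &Gray, block_radius: usize) -> Option<Vec<u8>> {
    if img.width == 0 || img.height == 0 {
        return Some(Vec::new());
    }
    let integral = integral_image::<T>(img)?;
    let mut out = vec![0u8; img.width * img.height];
    for y in 0..img.height {
        for x in 0..img.width {
            let left = x.saturating_sub(block_radius);
            let top = y.saturating_sub(block_radius);
            let right = x.checked_add(block_radius)?.min(img.width - 1);
            let bottom = y.checked_add(block_radius)?.min(img.height - 1);
            let sum: u64 = box_sum(&integral, left, top, right, bottom)?.into();
            let count = ((right - left + 1) * (bottom - top + 1)) as u64;
            let mean = sum / count;
            out[y * img.width + x] = if img.data[y * img.width + x] as u64 >= mean { 255 } else { 0 };
        }
    }
    Some(out)
}

fn main() {
    // Constructed input: a 20x20 white image. Its total (102,000) exceeds u16::MAX.
    let img = Gray { width: 20, height: 20, data: vec![255u8; 400] };
    println!("u16 table: {:?}", integral_image::<u16>(&img).map(|_| "ok"));
    println!("u32 table: {:?}", integral_image::<u32>(&img).map(|_| "ok"));
    println!("threshold (u32): {:?}", adaptive_threshold_checked::<u32>(&img, 3).map(|v| v.len()));
}
```

The choice here is to widen the API to Option/Result rather than assert on edge cases: the caller, not the library, decides whether an oversized image is an error, and the fuzzer then finds no panic path. A cheaper alternative for a fixed u32 table is an up-front check that width * height * 255 fits in the accumulator, which rejects the input before any work is done.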