[Bug]: Pointer overflow in JUCE/modules/juce_graphics/images/juce_Image.h

[NickolayGerasimenko]

Detailed steps on how to reproduce the bug

Run any JUCE based app which is using class juce_Image under Xcode thread sanitizer(turn on undefined behaviour checkbox). Observe pointer overflow in function

inline uint8* getPixelPointer (int x, int y) const noexcept  { 
     return data + (size_t) y * (size_t) lineStride + (size_t) x * (size_t) pixelStride;
}

What is the expected behaviour?

Proper uint64_t overflow check should be added https://codeql.github.com/codeql-query-help/cpp/cpp-pointer-overflow-check/

Operating systems

macOS

What versions of the operating systems?

OSX 12.6.6

Architectures

64-bit

Stacktrace

No response

Plug-in formats (if applicable)

No response

Plug-in host applications (DAWs) (if applicable)

No response

Testing on the develop branch

I have not tested against the develop branch

Code of Conduct

• [X] I agree to follow the Code of Conduct

[reuk]

I'm unable to reproduce this issue using the develop branch, testing with the GraphicsDemo in the DemoRunner.

Please can you test out the develop branch and see whether the issue is fixed there? Thanks!

[NickolayGerasimenko]

@reuk thanks for quick reply. Don't see any diff in this line in compare to our version. https://github.com/juce-framework/JUCE/blob/develop/modules/juce_graphics/images/juce_Image.h#L334

so overflow is still there.

[reuk]

Did you try building and running from develop? It's possible that this function is no longer called at all with the combination of parameters that cause the problem. That is, a fix doesn't necessarily require changing that particular function.