Closed radarhere closed 1 month ago
Resolves #8401
tablen is an integer https://github.com/python-pillow/Pillow/blob/b557876ec3aa4d5d236d8044519f1c613031fbee/src/libImaging/Sgi.h#L22
tablen
and before we set it to im->bands * im->ysize, we check that the value will be less than INT_MAX https://github.com/python-pillow/Pillow/blob/b557876ec3aa4d5d236d8044519f1c613031fbee/src/libImaging/SgiRleDecode.c#L170-L172
im->bands * im->ysize
INT_MAX
but we then temporarily multiply it by 8, which might exceed INT_MAX. https://github.com/python-pillow/Pillow/blob/b557876ec3aa4d5d236d8044519f1c613031fbee/src/libImaging/SgiRleDecode.c#L181-L186
So this PR casts it to int64_t before applying the multiplication.
int64_t
Resolves #8401
tablenis an integer https://github.com/python-pillow/Pillow/blob/b557876ec3aa4d5d236d8044519f1c613031fbee/src/libImaging/Sgi.h#L22and before we set it to
im->bands * im->ysize, we check that the value will be less thanINT_MAXhttps://github.com/python-pillow/Pillow/blob/b557876ec3aa4d5d236d8044519f1c613031fbee/src/libImaging/SgiRleDecode.c#L170-L172but we then temporarily multiply it by 8, which might exceed
INT_MAX. https://github.com/python-pillow/Pillow/blob/b557876ec3aa4d5d236d8044519f1c613031fbee/src/libImaging/SgiRleDecode.c#L181-L186So this PR casts it to
int64_tbefore applying the multiplication.