Closed farindk closed 2 months ago
This is why we should have stuck to the _minus_1
:-) Of course then the overflow could just happen later.
I'll take care of this one.
I really would like to have C++ integer types that have a limited range (e.g. `int<-1,1024>'). Then we would not constantly have issues of signed vs unsigned or +1 overflows like this.
I really would like to have C++ integer types that have a limited range (e.g. `int<-1,1024>'). Then we would not constantly have issues of signed vs unsigned or +1 overflows like this.
In writing the unit test I found I had an off-by-one error in my comparison...
@bradh I got a fuzzer hitting an integer overflow:
https://github.com/strukturag/libheif/blob/9d4a5107c469c76fec7146b896819bc215a66fbe/libheif/codecs/uncompressed_box.cc#L263-265
Probably, it is enough to output an error when the number of tiles exceeds a sensible maximum.