[Bug]: Pointer overflow in JUCE/modules/juce_graphics/images/juce_Image.h
Detailed steps on how to reproduce the bug
Run any JUCE-based app which is using the class juce_Image under the Xcode thread sanitizer (turn on the undefined behaviour checkbox). Observe the pointer overflow in the function
```cpp
inline uint8* getPixelPointer (int x, int y) const noexcept
{
    return data + (size_t) y * (size_t) lineStride + (size_t) x * (size_t) pixelStride;
}
```
What is the expected behaviour?
A proper uint64_t overflow check should be added.
https://codeql.github.com/codeql-query-help/cpp/cpp-pointer-overflow-check/
Operating systems
macOS
What versions of the operating systems?
OSX 12.6.6
Architectures
64-bit
Stacktrace
No response
Plug-in formats (if applicable)
No response
Plug-in host applications (DAWs) (if applicable)
No response
Testing on the develop branch
I have not tested against the develop branch
Code of Conduct
- [X] I agree to follow the Code of Conduct
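The check the report asks for, as an added example that is not JUCE's code and not part of the issue: a hypothetical checked variant of the pixel-pointer arithmetic that rejects negative coordinates (which the `(size_t)` casts would otherwise wrap to huge offsets), multiplication or addition overflow, and any pixel that does not lie fully inside the buffer, returning `nullptr` instead of forming an out-of-object pointer. `PixelBuffer`, `getPixelPointerChecked` and the 4x4 sample image are assumptions for the demo; the overflow builtins are GCC/Clang extensions.

```cpp
#include <climits>
#include <cstddef>
#include <cstdint>

// Hypothetical stand-in for the image data block; not JUCE's BitmapData.
struct PixelBuffer
{
    uint8_t* data;
    size_t   size;        // total bytes owned by data
    int      lineStride;  // bytes per row
    int      pixelStride; // bytes per pixel
};

// Returns nullptr instead of producing a pointer outside the buffer.
inline uint8_t* getPixelPointerChecked (const PixelBuffer& b, int x, int y) noexcept
{
    // A negative int cast to size_t wraps to a huge value, so reject it up front.
    if (b.data == nullptr || x < 0 || y < 0 || b.lineStride <= 0 || b.pixelStride <= 0)
        return nullptr;

    size_t rowOff, colOff, off;
    // __builtin_*_overflow return true when the result does not fit.
    if (__builtin_mul_overflow ((size_t) y, (size_t) b.lineStride,  &rowOff)) return nullptr;
    if (__builtin_mul_overflow ((size_t) x, (size_t) b.pixelStride, &colOff)) return nullptr;
    if (__builtin_add_overflow (rowOff, colOff, &off))                      return nullptr;

    // The whole pixel (pixelStride bytes) must lie inside the buffer.
    if (off > b.size || (size_t) b.pixelStride > b.size - off)
        return nullptr;

    return b.data + off;
}

// Constructed sample: a 4x4 RGBA image, 16 bytes per row, 4 bytes per pixel.
static uint8_t sampleBytes[64];
static const PixelBuffer sampleImage { sampleBytes, sizeof (sampleBytes), 16, 4 };

// Byte offset of (x, y) in the sample image, or -1 if the checked lookup rejects it.
long sampleOffset (int x, int y) noexcept
{
    uint8_t* p = getPixelPointerChecked (sampleImage, x, y);
    return p == nullptr ? -1L : (long) (p - sampleImage.data);
}
```

Under UBSan's pointer-overflow check the unchecked form is flagged as soon as the computed address leaves the object; the checked form never forms that address, so coordinates such as (4, 3), (0, 4) or (INT_MAX, INT_MAX) yield a rejection instead of a report.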
I'm unable to reproduce this issue using the develop branch, testing with the GraphicsDemo in the DemoRunner.
Please can you test out the develop branch and see whether the issue is fixed there? Thanks!
@reuk thanks for the quick reply. I don't see any diff in this line compared to our version: https://github.com/juce-framework/JUCE/blob/develop/modules/juce_graphics/images/juce_Image.h#L334
so the overflow is still there.
Did you try building and running from develop? It's possible that this function is no longer called at all with the combination of parameters that cause the problem. That is, a fix doesn't necessarily require changing that particular function.