From fcf8fc3eaa34996cb89b156ba15ced767dc42f08 Mon Sep 17 00:00:00 2001
From: Jeroen Bakker <jeroen@blender.org>
Date: Fri, 10 Dec 2021 10:37:46 +0100
Subject: Fix Crash: Loading Huge Images.

When loading huge images (30k) blender crashed with a buffer overflow.
The reason is that determine the length of a buffer was done in 32bit
precision and afterwards stored in 64 bit precision.

This patch adds a new function to do the correct calculation in 64bit.
It should be added to other sections in blender as well. But that should
be tested on a per case situation.
---
 source/blender/imbuf/intern/scaling.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'source/blender/imbuf/intern/scaling.c')

diff --git a/source/blender/imbuf/intern/scaling.c b/source/blender/imbuf/intern/scaling.c
index 67d6cd68db5..a18ba6748de 100644
--- a/source/blender/imbuf/intern/scaling.c
+++ b/source/blender/imbuf/intern/scaling.c
@@ -911,7 +911,7 @@ static ImBuf *scaledownx(struct ImBuf *ibuf, int newx)
 {
   const int do_rect = (ibuf->rect != NULL);
   const int do_float = (ibuf->rect_float != NULL);
-  const size_t rect_size = ibuf->x * ibuf->y * 4;
+  const size_t rect_size = IMB_get_rect_len(ibuf) * 4;
 
   uchar *rect, *_newrect, *newrect;
   float *rectf, *_newrectf, *newrectf;
@@ -1052,7 +1052,7 @@ static ImBuf *scaledowny(struct ImBuf *ibuf, int newy)
 {
   const int do_rect = (ibuf->rect != NULL);
   const int do_float = (ibuf->rect_float != NULL);
-  const size_t rect_size = ibuf->x * ibuf->y * 4;
+  const size_t rect_size = IMB_get_rect_len(ibuf) * 4;
 
   uchar *rect, *_newrect, *newrect;
   float *rectf, *_newrectf, *newrectf;
-- 
cgit v1.2.3