From 58b9ac601e010ecce9232e248b3944ad029c711b Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 17 Jan 2026 11:08:53 -0800 Subject: [PATCH] Avoid overflows in image size calculations Problem reported by Basil L. Contovounesios (bug#66221#89). * src/image.c (image_size_in_bytes, image_frame_cache_size): Use intptr_t for sizes of collections of objects. (struct anim_cache.byte_size, gif_load, Fimage_cache_size): Use intmax_t for sizes of either files or objects. --- src/image.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/image.c b/src/image.c index 71a091ea498..f55596cd1ba 100644 --- a/src/image.c +++ b/src/image.c @@ -2459,10 +2459,10 @@ evicted. */) return Qnil; } -static size_t +static intptr_t image_size_in_bytes (struct image *img) { - size_t size = 0; + intptr_t size = 0; #if defined USE_CAIRO Emacs_Pixmap pm = img->pixmap; @@ -2507,14 +2507,14 @@ image_size_in_bytes (struct image *img) return size; } -static size_t +static intptr_t image_frame_cache_size (struct frame *f) { struct image_cache *c = FRAME_IMAGE_CACHE (f); if (!c) return 0; - size_t total = 0; + intptr_t total = 0; for (ptrdiff_t i = 0; i < c->used; ++i) { struct image *img = c->images[i]; @@ -3695,7 +3695,7 @@ struct anim_cache We don't actually know how much memory the different libraries actually use here (since these cache structures are opaque), so this is mostly just the size of the original image file. */ - int byte_size; + intmax_t byte_size; struct timespec update_time; struct anim_cache *next; }; @@ -9833,7 +9833,7 @@ gif_load (struct frame *f, struct image *img) struct anim_cache* cache = NULL; /* Which sub-image are we to display? */ Lisp_Object image_number = image_spec_value (img->spec, QCindex, NULL); - int byte_size = 0; + intmax_t byte_size = 0; idx = FIXNUMP (image_number) ? XFIXNAT (image_number) : 0; 
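Review bot: Widening `size` to `intptr_t` in image_size_in_bytes does not by itself widen the terms that get added to it; the hunk shows only the declaration and `Emacs_Pixmap pm = img->pixmap;`, and the additions that follow are outside it. If any of those terms is a product of `int` image dimensions, the multiplication would still be evaluated in `int` and could overflow before the result reaches `size`. It is worth checking each `size += ...` in the function and converting the first operand, along the lines of `size += (intptr_t) rows * bytes_per_row;` (the operand names are placeholders, not taken from the file).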
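Review bot: `total` in image_frame_cache_size changes from unsigned `size_t` to signed `intptr_t`, so a sum that leaves the type's range is now undefined behaviour where it used to wrap; the `intmax_t total` in Fimage_cache_size (the hunk at -12769) follows the same pattern, although its range makes this far less likely there. The additions sit in the loop bodies that continue past both hunks, so this is inferred from the declarations only. On a host with 32-bit pointers the ceiling also drops from SIZE_MAX to INTPTR_MAX. A checked, saturating add would keep the reported figure well defined, e.g. `if (ckd_add (&total, total, n)) total = INTPTR_MAX;` with `n` standing for the per-image size, assuming `<stdckdint.h>` is usable in this file.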
@@ -12769,7 +12769,7 @@ DEFUN ("image-cache-size", Fimage_cache_size, Simage_cache_size, 0, 0, 0, (void) { Lisp_Object tail, frame; - size_t total = 0; + intmax_t total = 0; FOR_EACH_FRAME (tail, frame) if (FRAME_WINDOW_P (XFRAME (frame)))