On Fri, 11 Sep 2009 15:44:53 +0200, Enlightenment SVN <no-...@en...> wrote:

> Log:
> 1. make max image size a #define
> 2. max image size > 65536x65536

I think there is trouble here.

65536 = 0x10000, so 65536 * 65536 is 0x100000000 = 0 on 32 bit systems.

When the image data buffer is allocated it is probably like malloc(w * h * 4), assuming 4 byte/pixel. On 32 bit systems this overflows when w*h >= 0x40000000 (e.g. w = h = 32768).

The image dimensions w,h are stored in Image_Entry as ints, i.e. 32 bit signed on most systems. This means that w*h*4 is an int and becomes "negative" when w*h >= 0x20000000 (e.g. w = h > 23170). This is not a problem on 32 bit systems as long as there is no 32 bit overflow (the implicit cast to size_t in malloc "handles" this). However, on 64 bit systems (my x86_64 box and gcc, things may differ on other systems) a "negative" w*h*4 will become a huge number when cast to size_t.

So, I think that if a fixed w/h limit is desired the safe value is 23170. If w and h were unsigned (or casts added everywhere appropriate) it could be 32767. Otherwise one could test something like

(((unsigned long long)w * (unsigned long long)h * 4) < (1ULL << 32)).

On 64 bit systems you can of course access more than 1G 4 byte pixels so maybe that should be handled too.

/Kim
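
The thresholds named in the message above, worked through in C. This is an added example, not part of the original message and not Enlightenment code; all function names are hypothetical, and the SIZE_MAX bound in image_bytes_checked is an assumption that generalizes the proposed test to 64 bit hosts.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* w * h * 4 as a 32-bit multiply leaves it. Modelled with unsigned
 * arithmetic because signed overflow is undefined behaviour in C. */
static uint32_t wrapped_size32(int w, int h)
{
    return (uint32_t)w * (uint32_t)h * 4u;
}

/* The same bits read as a signed int, then widened to a 64-bit size:
 * what malloc() receives from an int expression on an LP64 system. */
static uint64_t size64_from_int(int w, int h)
{
    int32_t as_int = (int32_t)wrapped_size32(w, h); /* two's complement */
    return (uint64_t)(int64_t)as_int;
}

/* The test proposed in the message: widen first, compare with 2^32. */
static int fits_below_4g(int w, int h)
{
    return ((unsigned long long)w * (unsigned long long)h * 4) < (1ULL << 32);
}

/* Assumed generalisation: reject non-positive dimensions and bound the
 * byte count by SIZE_MAX, so a 64-bit host may allocate beyond 4 GiB. */
static int image_bytes_checked(int w, int h, size_t *out)
{
    if (w <= 0 || h <= 0)
        return 0;
    unsigned long long n = (unsigned long long)w * (unsigned long long)h * 4;
    if (n > SIZE_MAX)
        return 0;
    *out = (size_t)n;
    return 1;
}

int main(void)
{
    static const int dims[] = { 23170, 23171, 32767, 32768, 65536 };
    for (size_t i = 0; i < sizeof dims / sizeof dims[0]; i++) {
        size_t n = 0;
        int d = dims[i], ok = image_bytes_checked(d, d, &n);
        printf("%5d: wrapped32=%u as_size64=%#llx below4g=%d ok=%d bytes=%llu\n",
               d, (unsigned)wrapped_size32(d, d),
               (unsigned long long)size64_from_int(d, d),
               fits_below_4g(d, d), ok, (unsigned long long)n);
    }
    return 0;
}
```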