Fix 32bit multiply with overflow issue for images.

Fix multiply with overflow issue when image locations in the worksheet were greater than the u32 max value.
jmcnamara · Aug 12, 2023 · 3be88ba · 3be88ba
1 parent 4aaca54
commit 3be88ba
Show file tree

Hide file tree

Showing 8 changed files with 30 additions and 8 deletions.
diff --git a/include/xlsxwriter/drawing.h b/include/xlsxwriter/drawing.h
@@ -45,8 +45,8 @@ typedef struct lxw_drawing_object {
     uint8_t anchor;
     struct lxw_drawing_coords from;
     struct lxw_drawing_coords to;
-    uint32_t col_absolute;
-    uint32_t row_absolute;
+    uint64_t col_absolute;
+    uint64_t row_absolute;
     uint32_t width;
     uint32_t height;
     uint8_t shape;

diff --git a/include/xlsxwriter/worksheet.h b/include/xlsxwriter/worksheet.h
@@ -1944,8 +1944,8 @@ typedef struct lxw_vml_obj {
     lxw_col_t start_col;
     int32_t x_offset;
     int32_t y_offset;
-    uint32_t col_absolute;
-    uint32_t row_absolute;
+    uint64_t col_absolute;
+    uint64_t row_absolute;
     uint32_t width;
     uint32_t height;
     double x_dpi;

diff --git a/include/xlsxwriter/xmlwriter.h b/include/xlsxwriter/xmlwriter.h
@@ -55,7 +55,7 @@ STAILQ_HEAD(xml_attribute_list, xml_attribute);
 /* Create a new attribute struct to add to a xml_attribute_list. */
 struct xml_attribute *lxw_new_attribute_str(const char *key,
                                             const char *value);
-struct xml_attribute *lxw_new_attribute_int(const char *key, uint32_t value);
+struct xml_attribute *lxw_new_attribute_int(const char *key, int64_t value);
 struct xml_attribute *lxw_new_attribute_dbl(const char *key, double value);
 
 /* Macro to initialize the xml_attribute_list pointers. */

diff --git a/src/worksheet.c b/src/worksheet.c
@@ -2993,7 +2993,6 @@ _worksheet_position_object_pixels(lxw_worksheet *self,
     drawing_object->to.row_offset = y2;
     drawing_object->col_absolute = x_abs;
     drawing_object->row_absolute = y_abs;
-
 }
 
 /*

diff --git a/src/xmlwriter.c b/src/xmlwriter.c
@@ -425,12 +425,12 @@ lxw_new_attribute_str(const char *key, const char *value)
 
 /* Create a new integer XML attribute. */
 struct xml_attribute *
-lxw_new_attribute_int(const char *key, uint32_t value)
+lxw_new_attribute_int(const char *key, int64_t value)
 {
     struct xml_attribute *attribute = malloc(sizeof(struct xml_attribute));
 
     LXW_ATTRIBUTE_COPY(attribute->key, key);
-    lxw_snprintf(attribute->value, LXW_MAX_ATTRIBUTE_LENGTH, "%d", value);
+    lxw_snprintf(attribute->value, LXW_MAX_ATTRIBUTE_LENGTH, "%lld", value);
 
     return attribute;
 }

diff --git a/test/functional/src/test_image58.c b/test/functional/src/test_image58.c
@@ -0,0 +1,20 @@
+/*****************************************************************************
+ * Test cases for libxlsxwriter.
+ *
+ * Test to compare output against Excel files.
+ *
+ * Copyright 2014-2023, John McNamara, [email protected]
+ *
+ */
+
+#include "xlsxwriter.h"
+
+int main() {
+
+    lxw_workbook  *workbook  = workbook_new("test_image58.xlsx");
+    lxw_worksheet *worksheet = workbook_add_worksheet(workbook, NULL);
+
+    worksheet_insert_image(worksheet, CELL("A1048573"), "images/red.png");
+
+    return workbook_close(workbook);
+}
diff --git a/test/functional/test_image.py b/test/functional/test_image.py
@@ -160,6 +160,9 @@ def test_image56(self):
     def test_image57(self):
         self.run_exe_test('test_image57')
 
+    def test_image58(self):
+        self.run_exe_test('test_image58')
+
     # Test in-memory image handling.
     def test_image81(self):
         self.run_exe_test('test_image81', 'image01.xlsx')

diff --git a/test/functional/xlsx_files/image58.xlsx b/test/functional/xlsx_files/image58.xlsx