[patch] ngx_http_image_filter_module incorrectly calculates size

Maxim Dounin mdounin at mdounin.ru
Fri Apr 20 12:48:51 UTC 2012


Hello!

On Fri, Apr 20, 2012 at 03:25:07PM +0400, Maxim Bublis wrote:

[...]

> > Something like this should be the correct solution to eliminate the
> > problem:
> >
> > --- a/src/http/modules/ngx_http_image_filter_module.c
> > +++ b/src/http/modules/ngx_http_image_filter_module.c
> > @@ -817,9 +817,7 @@ transparent:
> >
> >         resize = 0;
> >
> > -        if ((ngx_uint_t) (dx * 100 / dy)
> > -            < ctx->max_width * 100 / ctx->max_height)
> > -        {
> > +        if (dx * ctx->max_height < dy * ctx->max_width) {
> >             if ((ngx_uint_t) dx > ctx->max_width) {
> >                 dy = dy * ctx->max_width / dx;
> >                 dy = dy ? dy : 1;
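
Review bot: on the added line, dx * ctx->max_height and dy * ctx->max_width are computed in plain integer arithmetic with nothing bounding the operands, so the products can wrap when the limits are very large and the comparison then selects the wrong branch. Either do the comparison in a type that cannot wrap for the allowed range of max_width and max_height, or reject out-of-range limits before this point. The removed lines and the following (ngx_uint_t) dx > ctx->max_width line cast explicitly where dx meets a ctx field; the new line should make that conversion equally explicit.
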
> 
> I think it would be the correct solution if multiplying either dx
> and ctx->max_height or dy and ctx->max_width did not result in
> integer overflow when both dx and ctx->max_height, or dy and
> ctx->max_height, are rather large integers.

While real-world image sizes shouldn't be a problem (and if they
are, we'll notice this in other places, as these multiplications
are done anyway), I missed the special case of '-' in the config,
which will result in max_width / max_height being set to the maximum
possible value.

The following patch should be better:

--- a/src/http/modules/ngx_http_image_filter_module.c
+++ b/src/http/modules/ngx_http_image_filter_module.c
@@ -817,9 +817,7 @@ transparent:
 
         resize = 0;
 
-        if ((ngx_uint_t) (dx * 100 / dy)
-            < ctx->max_width * 100 / ctx->max_height)
-        {
+        if ((double) dx / dy < (double) ctx->max_width / ctx->max_height) {
             if ((ngx_uint_t) dx > ctx->max_width) {
                 dy = dy * ctx->max_width / dx;
                 dy = dy ? dy : 1;
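
Review bot: the added condition divides by dy and by ctx->max_height, and nothing in this hunk shows that either is non-zero; in floating point a zero divisor no longer traps but yields an infinity or NaN, and a NaN makes the comparison silently false. Worth confirming both are validated before this point. A short comment above the if saying why the ratios are compared as doubles (the limits may hold very large values, so integer products are not safe) would keep someone from converting it back to integer arithmetic later.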


Maxim Dounin
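
The three forms of the aspect-ratio test discussed in this thread, run side by side on constructed inputs. This is an added example, not part of the original message or of the nginx source; the uint_t typedef, NO_LIMIT, the int type of dx/dy and the function names are assumptions standing in for ngx_uint_t and the value set by '-' in the config.

```c
#include <stdint.h>
#include <stdio.h>

typedef uintptr_t uint_t;            /* stand-in for ngx_uint_t (assumption) */
#define NO_LIMIT ((uint_t) -1)       /* "maximum possible value" (assumption) */

/* Removed test: both ratios scaled by 100, then truncated. */
static int less_pct(int dx, int dy, uint_t mw, uint_t mh)
{
    return (uint_t) (dx * 100 / dy) < mw * 100 / mh;
}

/* First proposal: cross-multiplication, done in unsigned arithmetic. */
static int less_cross(int dx, int dy, uint_t mw, uint_t mh)
{
    return (uint_t) dx * mh < (uint_t) dy * mw;
}

/* Second proposal: compare the two ratios as doubles. */
static int less_double(int dx, int dy, uint_t mw, uint_t mh)
{
    return (double) dx / dy < (double) mw / mh;
}

/* Bit 0 = pct, bit 1 = cross, bit 2 = double. */
static int verdicts(int dx, int dy, uint_t mw, uint_t mh)
{
    return less_pct(dx, dy, mw, mh)
           | less_cross(dx, dy, mw, mh) << 1
           | less_double(dx, dy, mw, mh) << 2;
}

int main(void)
{
    /* Constructed inputs; in both, the image ratio really is the smaller. */
    printf("1001x1000 in 1005x1000: %d\n", verdicts(1001, 1000, 1005, 1000));
    printf("300x400, both limits max: %d\n",
           verdicts(300, 400, NO_LIMIT, NO_LIMIT));
    return 0;
}
```

In the first case only the truncating percentage test gets the answer wrong; in the second, with both limits at the maximum value, the percentage test and the wrapped cross-products both do, and only the double comparison is right.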


