[patch] ngx_http_image_filter_module incorrectly calculates size
Maxim Dounin
mdounin at mdounin.ru
Fri Apr 20 12:48:51 UTC 2012
Hello!
On Fri, Apr 20, 2012 at 03:25:07PM +0400, Maxim Bublis wrote:
[...]
> > Something like this should be the correct solution to eliminate the
> > problem:
> >
> > --- a/src/http/modules/ngx_http_image_filter_module.c
> > +++ b/src/http/modules/ngx_http_image_filter_module.c
> > @@ -817,9 +817,7 @@ transparent:
> >
> > resize = 0;
> >
> > - if ((ngx_uint_t) (dx * 100 / dy)
> > - < ctx->max_width * 100 / ctx->max_height)
> > - {
> > + if (dx * ctx->max_height < dy * ctx->max_width) {
> > if ((ngx_uint_t) dx > ctx->max_width) {
> > dy = dy * ctx->max_width / dx;
> > dy = dy ? dy : 1;
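Review bot: in the added condition `dx * ctx->max_height < dy * ctx->max_width`, dx and dy are multiplied by the limits without the explicit (ngx_uint_t) cast that the following context line applies to dx, so the conversion is implicit. If the limits are unsigned, as that cast suggests, either product can wrap when a limit is very large, and the branch then flips silently. Consider making the casts explicit and either bounding the limits before this point or doing the comparison in a wider or floating-point type.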
>
> I think it should be a correct solution if multiplication of either dx
> and ctx->max_height or dy and ctx->max_width does not result in
> integer overflow in the case when both dx and ctx->max_height or dy and
> ctx->max_height are rather large integers.
Real-world image sizes shouldn't be a problem (and if they
are, we'll notice this in other places, as these multiplications
are done anyway), but I missed the special case of '-' in the config,
which will result in max_width / max_height being set to the maximum
possible value.
The following patch should be better:
--- a/src/http/modules/ngx_http_image_filter_module.c
+++ b/src/http/modules/ngx_http_image_filter_module.c
@@ -817,9 +817,7 @@ transparent:
resize = 0;
- if ((ngx_uint_t) (dx * 100 / dy)
- < ctx->max_width * 100 / ctx->max_height)
- {
+ if ((double) dx / dy < (double) ctx->max_width / ctx->max_height) {
if ((ngx_uint_t) dx > ctx->max_width) {
dy = dy * ctx->max_width / dx;
dy = dy ? dy : 1;
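Review bot: the new condition `(double) dx / dy < (double) ctx->max_width / ctx->max_height` carries no comment explaining why the comparison moved to floating point, so a later cleanup could turn it back into integer arithmetic. A one-line comment above the if, saying that the limits can be very large and that integer products would overflow, would protect it. Both divisions also rely on dy and ctx->max_height being non-zero, which the visible lines do not establish (the context only guards dy after the resize, with `dy = dy ? dy : 1;`), so that is worth confirming where ctx is filled in.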
Maxim Dounin
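
The three forms of the aspect-ratio test discussed in this message, side by side, as an added example that is not part of the original message or of nginx. `uint_t` (a `uintptr_t`) stands in for `ngx_uint_t`, the function names are hypothetical, and all input values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: uintptr_t stands in for nginx's ngx_uint_t; dx and dy are
 * plain ints, as the (ngx_uint_t) casts in the patch suggest. */
typedef uintptr_t uint_t;

/* Condition removed by both patches: each ratio is scaled by 100 and
 * truncated, so ratios that differ by less than 1% compare as equal. */
static int lt_scaled(int dx, int dy, uint_t mw, uint_t mh)
{
    return (uint_t) (dx * 100 / dy) < mw * 100 / mh;
}

/* First proposal: cross-multiplication. Exact until a product wraps
 * around the width of uint_t. */
static int lt_cross(int dx, int dy, uint_t mw, uint_t mh)
{
    return dx * mh < dy * mw;
}

/* Second proposal: compare the two ratios as doubles. */
static int lt_double(int dx, int dy, uint_t mw, uint_t mh)
{
    return (double) dx / dy < (double) mw / mh;
}

int main(void)
{
    uint_t top = (uint_t) -1;   /* constructed: largest value of the type */

    /* Constructed case 1: 1001/1000 really is below 1000/998, but both
     * scaled ratios truncate to 100. */
    printf("close ratios: scaled=%d cross=%d double=%d\n",
           lt_scaled(1001, 1000, 1000, 998),
           lt_cross(1001, 1000, 1000, 998),
           lt_double(1001, 1000, 1000, 998));

    /* Constructed case 2: both limits at the maximum value, so the limit
     * ratio is 1 and 200/100 is not below it. Both products wrap. */
    printf("huge limits:  cross=%d double=%d\n",
           lt_cross(200, 100, top, top),
           lt_double(200, 100, top, top));
    return 0;
}
```
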