hopefully avoid coverity complaining about a float vs int comparison

diff --git a/Changes b/Changes
index 4ee4a8be079f702ca87dd80299f89dd834d9c26f..ec1ffd9d49c0340eeb42fa7be82487b667762ef6 100644 (file)
--- a/Changes
+++ b/Changes
@@ -118,6 +118,9 @@ Lower severity (according to Coverity):
  - i_img_info() (C API) no longer tries to handle a NULL image object
    pointer.  CID 185298.
 
+ - re-work testing for size_t overflow for circle/random
+   super-sampling for fountain fills.  CID 185304.
+
 [1] The first two build submissions ended up at the end of a ~400
 build queue, and seemed to have been cancelled by Coverity.  A build
 submitted on NYE went through in minutes.

diff --git a/filters.im b/filters.im
index 51f2d10036f2bab20a8b1183a335bed2d52f2400..7c23a5a56ab0fa4d5779c9cb58d03aa22f286d59 100644 (file)
--- a/filters.im
+++ b/filters.im
@@ -1972,11 +1972,13 @@ fount_init_state(struct fount_state *state, double xa, double ya,
   case i_fts_random:
   case i_fts_circle:
     ssample_param = floor(0.5+ssample_param);
-    bytes = sizeof(i_fcolor) * ssample_param;
-    if (bytes / sizeof(i_fcolor) == ssample_param) {
-      state->ssample_data = mymalloc(sizeof(i_fcolor) * ssample_param);
+    if (im_size_t_max / sizeof(i_fcolor) > ssample_param) {
+      bytes = sizeof(i_fcolor) * ssample_param;
+      state->ssample_data = mymalloc(bytes);
     }
     else {
+      dIMCTX;
+      im_log((aIMCTX, 1,"size_t overflow calculating super-sample array size for random or circl"));
       super_sample = i_fts_none;
     }
     break;

diff --git a/imageri.h b/imageri.h
index 2848bcfc944cd9aba952f7ef6f59a32955dcfb3f..14d1d23ced965f2454afca679ecd36698c1a456c 100644 (file)
--- a/imageri.h
+++ b/imageri.h
@@ -143,4 +143,6 @@ typedef struct im_context_tag {
 
 #define DEF_BYTES_LIMIT 0x40000000
 
+#define im_size_t_max (~(size_t)0)
+
 #endif