Skip to content

Potential fix for code scanning alert no. 3242: Multiplication result converted to larger type#132

Closed
bniladridas wants to merge 1 commit into
mainfrom
alert-autofix-3242
Closed

Potential fix for code scanning alert no. 3242: Multiplication result converted to larger type#132
bniladridas wants to merge 1 commit into
mainfrom
alert-autofix-3242

Conversation

@bniladridas

@bniladridas bniladridas commented May 4, 2026

Copy link
Copy Markdown
Member

Potential fix for https://github.com/bniladridas/hybrid-compute/security/code-scanning/3242

To fix this, force the multiplication to occur in double before calling pow, by casting one operand to double (preferably the indexed sample value). This preserves behavior for normal inputs while eliminating the pre-promotion overflow risk flagged by CodeQL.

In include/stb_image.h, within stbi__hdr_to_ldr around line 2087, update:

  • from: pow(data[i * comp + k] * stbi__h2l_scale_i, stbi__h2l_gamma_i)
  • to: pow((double)data[i * comp + k] * (double)stbi__h2l_scale_i, (double)stbi__h2l_gamma_i)

No new imports or helper methods are required.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

@bniladridas @github-advanced-security
Potential fix for code scanning alert no. 3242: Multiplication result…
69b8c20 
… converted to larger type

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@changeset-bot

changeset-bot Bot commented May 4, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: 69b8c20

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions

github-actions Bot commented May 4, 2026

Copy link
Copy Markdown
Contributor

☑️ I checked the pre-commit hooks and there was nothing to fix at commit 69b8c20.

@github-actions github-actions Bot added the core label May 4, 2026
@bniladridas bniladridas mentioned this pull request May 4, 2026
Merged
bniladridas added a commit that referenced this pull request May 4, 2026
@bniladridas @github-advanced-security
fix: combine alert fixes 3235–3249 (#140)
653a895 
Combines all 15 automated code scanning alert fixes for multiplication
result converted to larger type. These changes span
`include/stb_image.h`, `include/stb_image_write.h`, and
`src/preprocess.c` with consistent application of `size_t` casts to
prevent integer overflow before conversion to larger types. Overflow
checks are added where allocation sizes are stored back into `int`
variables such as `out_size`.

> [!NOTE]
> Merging this pull request will automatically close #125, #126, #127,
#128, #129, #130, #131, #132, #133, #134, #135, #136, #137, #138, #139

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Niladri Das <bniladridas@users.noreply.github.com>
@bniladridas

bniladridas commented May 4, 2026

Copy link
Copy Markdown
Member Author

Fixed in #140

@bniladridas bniladridas closed this May 4, 2026
@bniladridas bniladridas deleted the alert-autofix-3242 branch May 4, 2026 16:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

core

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bniladridas