Add enforce to check for integer overflow

[kevinbackhouse]

fixes: #3513

[kevinbackhouse]

@mergify backport 0.28.x

[mergify]

backport 0.28.x

✅ Backports have been created

Details

• #3517 Add enforce to check for integer overflow (backport #3514) has been created for branch 0.28.x but encountered conflicts

Cherry-pick of 7adedce has failed:

On branch mergify/bp/0.28.x/pr-3514
Your branch is up to date with 'origin/0.28.x'.

You are currently cherry-picking commit 7adedce8.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	new file:   test/data/issue_3513_poc.psd
	new file:   tests/bugfixes/github/test_issue_3513.py

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   tests/regression_tests/test_regression_allfiles.py

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

[Copilot]

Pull request overview

Adds a regression test and a defensive enforce check to prevent integer overflow while parsing PSD resource blocks (issue #3513).

Changes:

• Added a new system test for issue #3513 expecting kerCorruptedMetadata.
• Added the PoC PSD file to the regression “all files” list.
• Added an Internal::enforce bound check before casting/using preview size in PsdImage::readResourceBlock.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 3 comments.

File	Description
tests/regression_tests/test_regression_allfiles.py	Includes the issue #3513 PSD PoC in the regression corpus.
tests/bugfixes/github/test_issue_3513.py	Adds a targeted system test asserting the expected failure mode.
src/psdimage.cpp	Adds an overflow guard when handling native preview resource sizes; minor comment formatting cleanup.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

get_valid_files now includes issue_3513_poc.psd, but the added dedicated test expects this file to fail with kerCorruptedMetadata. This mismatch makes the intent of the “valid files” list harder to understand. Consider either (a) moving this PoC to a separate list for negative/invalid inputs, or (b) adding an inline comment clarifying that this file is intentionally malformed but included for non-crash coverage (if that’s the purpose of this list).

Suggested change

	"xmpsdk.xmp",
	"xmpsdk.xmp",
	# Intentionally malformed PoC covered by a dedicated test that expects
	# kerCorruptedMetadata; keep it out of the generic "valid files" run.

[Copilot]

The test class name mixes conventions (lowercase test_... prefix plus PsdImage_readResourceBlock). For readability and consistency with common Python conventions, consider using CapWords for the class name (while keeping the file and/or test discovery patterns intact if required by system_tests).

Suggested change

	class test_issue_3513_PsdImage_readResourceBlock(metaclass=system_tests.CaseMeta):
	class TestIssue3513PsdImageReadResourceBlock(metaclass=system_tests.CaseMeta):

[Copilot]

The new enforce protects the static_cast<long>(nativePreview.size_) call, but similar overflow/invalid-range risks can exist for other offset-like fields (e.g., nativePreview.position_) and for any arithmetic combining them (such as position + size). If position_ is later used for seek/indexing in this function, consider adding corresponding bounds checks (and overflow-safe addition checks where applicable) using the same error code to fully address integer-overflow vectors in this parsing path.

[kmilos]

Weirdly enough, clang-format is not happy w/ the comment indent change...

Pull request has been modified.

[kevinbackhouse]

Weirdly enough, clang-format is not happy w/ the comment indent change...

I don't understand what happened there. That change was because I ran clang-format before committing. Maybe it's caused by a version mismatch: I'm using version 20.1.2.

Regardless, I've reverted that change so hopefully the tests will pass now.