GNOME Bugzilla – Bug 753569
Unhandled integer-overflow leads to segmentation fault
Last modified: 2015-08-25 19:27:43 UTC
Created attachment 309171
Inkscape GDB-backtrace

Package: libgdk-pixbuf2.0-0
Version: 2.31.1
OS: Debian 8.1 x64

Dear Maintainer,

I would like to report a bug where a large image can cause an overflow which is unhandled. This results in a segmentation fault.

The bug affects the gdk_pixbuf_add_alpha() function in gdk-pixbuf-util.c when using a grayscale image with a resolution of 27k x 27k pixels. Both y and pixbuf->rowstride are int variables; therefore the result of the multiplication is an int too. A rowstride of 108000 and a y greater than approx. 18000 doesn't fit in this variable.

The patch could be to change those two lines from

    src = src_pixels + y * pixbuf->rowstride;
    dest = ret_pixels + y * new_pixbuf->rowstride;

to

    src = src_pixels + (unsigned long)y * pixbuf->rowstride;
    dest = ret_pixels + (unsigned long)y * new_pixbuf->rowstride;

Furthermore there should be a check added to ensure the multiplication doesn't exceed ULONG_MAX.

Please see the attached backtrace. I reported this bug some days ago to Inkscape without knowing that this package was the real problem: https://bugs.launchpad.net/inkscape/+bug/1483061

Best regards
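An added illustration of the overflow and of the check the reporter asks for (example code, not the reporter's patch and not gdk-pixbuf's own source): it detects when y * rowstride cannot fit in an int, and computes the row offset in size_t with an explicit bound check instead of wrapping. The rowstride of 108000 and the row numbers are taken from the report; the function names are this example's own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed from the report: grayscale 27k x 27k image, rowstride 108000. */
#define EXAMPLE_ROWSTRIDE 108000

/* True when y * rowstride would not fit in a signed int, i.e. when the
 * original pointer arithmetic overflows. Signed overflow is undefined
 * behaviour in C, so the product is never actually evaluated here. */
bool int_row_offset_overflows(int y, int rowstride)
{
    if (y < 0 || rowstride <= 0)
        return true;            /* treat bad arguments as unsafe */
    return y > INT_MAX / rowstride;
}

/* Hardened replacement: compute the byte offset in size_t and fail instead
 * of wrapping when the product would exceed SIZE_MAX (ULONG_MAX on LP64). */
bool checked_row_offset(int y, int rowstride, size_t *out)
{
    if (y < 0 || rowstride <= 0)
        return false;
    size_t uy = (size_t)y, urs = (size_t)rowstride;
    if (uy > SIZE_MAX / urs)
        return false;
    *out = uy * urs;
    return true;
}

/* Convenience wrapper for callers that only want the value (0 on failure). */
size_t row_offset_or_zero(int y, int rowstride)
{
    size_t off;
    return checked_row_offset(y, rowstride, &off) ? off : 0;
}

int main(void)
{
    int ys[] = {18000, 20000, 27000};
    for (size_t i = 0; i < sizeof ys / sizeof ys[0]; i++)
        printf("y=%d: int overflow=%s, size_t offset=%zu\n", ys[i],
               int_row_offset_overflows(ys[i], EXAMPLE_ROWSTRIDE) ? "yes" : "no",
               row_offset_or_zero(ys[i], EXAMPLE_ROWSTRIDE));
    return 0;
}
```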
should be fixed in commit ca3c56421c075e729750cf80c3438b283232cce8