Crash in vtkImageExport

nbeck · May 12, 2026, 10:05am

Hello,

we’ve encountered spurious crashes with our application when processing large data sets. Some debugging revealed that we had invalid memory access in vtkImageExport::export(). Further investigation showed that the calculated memory size was off due to an integer overflow.

vtkIdType vtkImageExport::GetDataMemorySize()
{
  vtkImageData* input = this->GetInput();
  if (input == nullptr)
  {
    return 0;
  }

  this->GetInputAlgorithm()->UpdateInformation();
  vtkInformation* inInfo = this->GetInputInformation();
  int* extent = inInfo->Get(vtkStreamingDemandDrivenPipeline::WHOLE_EXTENT());
  int size = input->GetScalarSize();
  size *= input->GetNumberOfScalarComponents();
  size *= (extent[1] - extent[0] + 1);
  size *= (extent[3] - extent[2] + 1);
  size *= (extent[5] - extent[4] + 1);

  return size;
}

While the calculated size is returned as a vtkIdType, it is calculated as an int. For large data sets with double scalars this can easily overflow.

nbeck · May 12, 2026, 1:09pm

https://gitlab.kitware.com/vtk/vtk/-/work_items/20044

Paulo_Carvalho · May 12, 2026, 6:20pm

Hello,

It is unsafe to assume int is 64-bit even on 64-bit systems. sizeof() anything other than char is compiler-specific. I’d use the safer long there.

best,

PC