Some arithmetic overflow bugs found by libfuzzer

[kuzeyardabulut]

Hi,
I've using libfuzzer to fuzz this crate. And I've found 2 API may panic due to arithmetic overflow.

Issue Description

We are getting crashes in adaptive_threshold function. The following code blocks triggers integer overflow.

imageproc/src/integral_image.rs

Line 142 in 2bb3347

current.channels_mut()[c as usize] = above.channels()[c as usize] + sum[c as usize];

imageproc/src/integral_image.rs

Line 174 in 2bb3347

[lhs[0] + rhs[0]]

Reproduction

Below is an example program that triggers an integer overflow. Simply calling imageproc::contrast::adaptive_threshold with specific image files triggers this vulnerability.

PoC

You can test both vulnerabilities by following the guide below.

Code:

use imageproc::contrast::adaptive_threshold;
use std::fs::read;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let file_path = "png_name";

    let buffer = read(file_path)?;

    let img = image::load_from_memory(&buffer)?;

    let rgb_image = img.to_luma8();

    let _ = adaptive_threshold(&rgb_image, 10);

    println!("Done.");
    Ok(())
}

first#174.png -> This input will trigger this vulnerable code block:

imageproc/src/integral_image.rs

Line 174 in 2bb3347

[lhs[0] + rhs[0]]

second#142.png -> This input will trigger this vulnerable code block:

imageproc/src/integral_image.rs

Line 142 in 2bb3347

current.channels_mut()[c as usize] = above.channels()[c as usize] + sum[c as usize];

[cospectrum]

But what we can do about it? Find edge cases and assert?