Fix 30 critical and high severity bugs from audit passes 6-8

Critical fixes: - Prevent path traversal via rename templates (sanitize_filename) - Prevent input == output data loss (paths_are_same check) - Undo now uses actual executor output paths instead of scanning directory - Filter empty paths from output_files (prevents trashing CWD on undo) - Sanitize URL download filenames to prevent path traversal writes High severity fixes: - Fix EXIF orientation 5/7 transforms per spec - Atomic file creation in find_unique_path (TOCTOU race) - Clean up 0-byte placeholder files on encoding failure - Cap canvas padding to 10000px, total dimensions to 65535 - Clamp crop dimensions to minimum 1px - Clamp DPI to 65535 before u16 cast in JPEG encoder - Force pixel path for non-JPEG/TIFF metadata stripping - Fast path now applies regex find/replace on rename stem - Add output_dpi to needs_pixel_processing check - Cap watermark image scale dimensions to 16384 - Cap template counter padding to 10 - Cap URL download size to 100MB - Fix progress bar NaN when total is zero - Fix calculate_eta underflow when current > total - Fix loaded.len()-1 underflow in preview callbacks - Replace ListItem downcast unwrap with if-let - Fix resize preview division by zero on degenerate images - Clamp rename cursor position to prevent overflow panic - Watch mode: skip output dirs to prevent infinite loop - Watch mode: drop tx sender so channel closes on exit - Watch mode: add delay for partially-written files - Watch mode: warn and skip unmatched files instead of wrong preset - Clean temp download directory on app close - Replace action downcast unwrap with checked if-let - Add BatchResult.output_files for accurate undo tracking
2026-03-07 20:49:10 +02:00
parent b432cc7431
commit adef810691
14 changed files with 207 additions and 106 deletions
--- a/pixstrip-gtk/src/steps/step_resize.rs
+++ b/pixstrip-gtk/src/steps/step_resize.rs
@@ -445,12 +445,14 @@ pub fn build_resize_page(state: &AppState) -> adw::NavigationPage {
            std::thread::spawn(move || {
                let result = (|| -> Option<Vec<u8>> {
                    let img = image::open(&path).ok()?;
-                    let target_w = if render_tw > 0 { render_tw } else { img.width() };
+                    let target_w = if render_tw > 0 { render_tw } else { img.width().max(1) };
                    let target_h = if render_th > 0 {
                        render_th
-                    } else {
+                    } else if img.width() > 0 {
                        let scale = target_w as f64 / img.width() as f64;
-                        (img.height() as f64 * scale).round() as u32
+                        (img.height() as f64 * scale).round().max(1.0) as u32
+                    } else {
+                        target_w
                    };
                    let resized = if mode == 0 && render_th > 0 {
                        // Exact: stretch to exact dimensions