John M McIntosh wrote:
> mmm, in looking it seems we check length versus data in all the places a 
> cursory scan show, but.
> 
> What if I pass -1 as width to primitiveWrite24BmpLine

Yes, this would cause problems. Report and fix available at:

     http://bugs.impara.de/view.php?id=4360

> or perhaps pass something odd to
> primAECoerceDesc: typeCode to: result.

Don't know. Given that this is Applescript it should probably be treated 
like the FFI, e.g., not be used in any environment where we care about 
random access to the OS by untrusted code.

Cheers,
   - Andreas