[vlc-devel] [PATCH] gme: fixed out-of-memory/out-of-range tests
Rémi Denis-Courmont
remi at remlab.net
Fri Mar 23 18:08:41 CET 2012
On Friday 23 March 2012 19:00:04 Piotr Fusik, you wrote:
> Hello everyone, I'm new here. :)
>
> On 2012-03-23 18:49 Rémi Denis-Courmont wrote:
> >On Friday 23 March 2012 18:15:33 Piotr Fusik, you wrote:
> >> ---
> >>
> >> modules/demux/gme.c | 6 +++---
> >> 1 files changed, 3 insertions(+), 3 deletions(-)
> >>
> >> diff --git a/modules/demux/gme.c b/modules/demux/gme.c
> >> index 464ba9e..8f56887 100644
> >> --- a/modules/demux/gme.c
> >> +++ b/modules/demux/gme.c
> >> @@ -261,8 +261,8 @@ static int Control (demux_t *demux, int query,
>
> va_list
>
> >> args)
> >>
> >> || (sys->titlev[sys->track_id]->i_length == 0))
> >> ||
> >> break;
> >>
> >> - int seek = (sys->titlev[sys->track_id]->i_length / 1000) *
> >> pos; - if (seek > INT_MAX || gme_seek (sys->emu, seek))
> >> + double seek = (sys->titlev[sys->track_id]->i_length / 1000)
>
> *
>
> >> pos;
> >> + if (seek > INT_MAX || gme_seek (sys->emu, (int) seek))
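Review bot: the added test `seek > INT_MAX` bounds only the upper side, so if `pos` can make the product negative or NaN, the value still reaches `(int) seek`, and converting an out-of-range double to int is undefined. Suggest writing the guard as `!(seek >= 0 && seek <= INT_MAX)` so that negative values and NaN break out as well. The removed `int seek` version could never compare greater than INT_MAX, so switching the intermediate to a wider type is the right direction.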
> >
> >So signed overflow is undefined. Unsigned would be enough and avoid going to
> >FPU...
>
> Correct me if I'm wrong, but I thought double->unsigned conversion is only
> defined within the range of unsigned?
Yeah? So?
I mean, we do care about not crashing or exhibiting undefined behaviour. We
don't care about not playing corrupt or overly long files correctly.
Unsigned should be enough to protect against undefined behaviour, even if it
might cause integer overflow, no?
--
Rémi Denis-Courmont
http://www.remlab.net/
http://fi.linkedin.com/in/remidenis
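The range question discussed in this thread, as an added example that is not part of the original message or of VLC's code: a double-to-int seek computation whose guard also rejects negative values and NaN before the cast. The helper names and the `int64_t` length type are assumptions made for illustration.

```c
#include <limits.h>
#include <math.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The one-sided test from the patch, without the cast: true means the value
 * would go on to "(int) seek". Any comparison with NaN is false, so NaN is
 * accepted, and so is every negative value. */
static bool one_sided_accepts(double seek)
{
    return !(seek > INT_MAX);
}

/* Hypothetical helper: compute (length / 1000) * pos and store it in *out
 * only if the result is representable as a non-negative int. The condition
 * is phrased positively so that NaN fails it. */
static bool seek_target(int64_t length, double pos, int *out)
{
    double seek = (double)(length / 1000) * pos;

    if (!(seek >= 0.0 && seek <= (double)INT_MAX))
        return false;       /* negative, too large, or NaN */

    *out = (int)seek;       /* in range, so the conversion is defined */
    return true;
}

int main(void)
{
    /* Constructed sample inputs. */
    const double samples[] = { 0.5, 1.0, -1e300, 1e300, NAN };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int target = 0;
        bool ok = seek_target(180000, samples[i], &target);
        printf("pos=%g one-sided=%s two-sided=%s target=%d\n",
               samples[i],
               one_sided_accepts(180.0 * samples[i]) ? "cast" : "reject",
               ok ? "cast" : "reject", ok ? target : -1);
    }
    return 0;
}
```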