[vlc-devel] [PATCH] gme: fixed out-of-memory/out-of-range tests
Piotr Fusik
piotr at fusik.info
Fri Mar 23 18:20:45 CET 2012
On 2012-03-23 19:08 Rémi Denis-Courmont wrote:
>On Friday 23 March 2012 19:00:04 Piotr Fusik, you wrote:
>> Hello everyone, I'm new here. :)
>>
>> On 2012-03-23 18:49 Rémi Denis-Courmont wrote:
>> >On Friday 23 March 2012 18:15:33 Piotr Fusik, you wrote:
>> >> ---
>> >>
>> >> modules/demux/gme.c | 6 +++---
>> >> 1 files changed, 3 insertions(+), 3 deletions(-)
>> >>
>> >> diff --git a/modules/demux/gme.c b/modules/demux/gme.c
>> >> index 464ba9e..8f56887 100644
>> >> --- a/modules/demux/gme.c
>> >> +++ b/modules/demux/gme.c
>> >> @@ -261,8 +261,8 @@ static int Control (demux_t *demux, int query,
>>
>> va_list
>>
>> >> args)
>> >>
>> >> || (sys->titlev[sys->track_id]->i_length == 0))
>> >> ||
>> >> break;
>> >>
>> >> - int seek = (sys->titlev[sys->track_id]->i_length / 1000)
*
>> >> pos; - if (seek > INT_MAX || gme_seek (sys->emu, seek))
>> >> + double seek = (sys->titlev[sys->track_id]->i_length /
1000)
>>
>> *
>>
>> >> pos;
>> >> + if (seek > INT_MAX || gme_seek (sys->emu, (int) seek))
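Review bot: the `seek > INT_MAX` test on the added `if` line guards only the upper bound, so a negative or NaN `seek` (the type and range of `pos` are not visible in this hunk) makes the comparison false and still reaches `(int) seek`, where NaN or a value below `INT_MIN` is again outside the range in which the conversion is defined. Writing the condition as `!(seek >= 0 && seek <= INT_MAX)` rejects all three cases with one test. A short comment noting that the removed `int seek` could never exceed `INT_MAX`, so the old check was dead, would also help the next reader.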
>> >
>> >So signed overflow is undefined. Unsigned would be enough and avoid going to
>> >FPU...
>>
>> Correct me if I'm wrong, but I thought double->unsigned conversion is only
>> defined within the range of unsigned?
>
>Yeah? So?
>
>I mean, we do care about not crashing or exhibiting undefined behaviour. We
>don't care about not playing corrupt or overly long files correctly.
>
>Unsigned should be enough to protect against undefined behaviour, even if it
>might cause integer overflow, no?
That's right.
Piotr
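
The range check discussed in this thread, as an added C example that is not part of the original messages and is not VLC code. `seek_ms_checked` is a hypothetical helper; the `int64_t` microsecond length and the `double` position are assumptions, and the inputs in `main` are constructed.

```c
#include <limits.h>
#include <math.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not VLC code). Assumes the track length is an
 * int64_t count of microseconds and pos is a double fraction of the track.
 * Returns the seek offset in milliseconds, or -1 when the product cannot
 * be converted to int with defined behaviour. */
static int seek_ms_checked(int64_t length_us, double pos)
{
    double seek = (double)(length_us / 1000) * pos;

    /* Negated "in range" test: every comparison with NaN is false, so this
     * form rejects NaN along with negative and too-large values. A plain
     * `seek > INT_MAX` would let NaN and negatives through to the cast. */
    if (!(seek >= 0.0 && seek <= (double)INT_MAX))
        return -1;

    return (int)seek; /* in range, so the conversion truncates toward zero */
}

int main(void)
{
    /* Constructed sample inputs: length in microseconds, position. */
    const struct { int64_t length_us; double pos; } samples[] = {
        { INT64_C(3600000000), 0.5 },   /* one hour, halfway */
        { INT64_MAX, 1.0 },             /* corrupt, overly long length */
        { INT64_C(3600000000), -0.5 },  /* negative position */
        { INT64_C(3600000000), NAN },   /* NaN position */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%lld us at %g -> %d\n", (long long)samples[i].length_us,
               samples[i].pos, seek_ms_checked(samples[i].length_us, samples[i].pos));
    return 0;
}
```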