[vlc-devel] [PATCH] gme: fixed out-of-memory/out-of-range tests
piotr at fusik.info
Fri Mar 23 18:36:27 CET 2012
On 2012-03-23 19:08 Rémi Denis-Courmont wrote:
>> >> - int seek = (sys->titlev[sys->track_id]->i_length / 1000)
>> >> pos; - if (seek > INT_MAX || gme_seek (sys->emu, seek))
>> >> + double seek = (sys->titlev[sys->track_id]->i_length /
>> >> pos;
>> >> + if (seek > INT_MAX || gme_seek (sys->emu, (int) seek))
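Review bot: on the added `if` line, `seek > INT_MAX` bounds only the upper side, so if the operands can make `seek` negative or NaN it still reaches the `(int) seek` cast, and converting a double that is NaN or outside the range of int is undefined. Consider testing the whole range before the cast, for example `if (!(seek >= 0 && seek <= INT_MAX) || gme_seek (sys->emu, (int) seek))`, which also rejects NaN because both comparisons are false for it.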
>> >So signed overflow is undefined. Unsigned would be enough and avoid
>> Correct me if I'm wrong, but I thought double->unsigned conversion is
>> defined within the range of unsigned?
>I mean, we do care about not crashing or exhibiting undefined behaviour. We
>don't care about not playing corrupt or overly long files correctly.
>Unsigned should be enough to protect against undefined behaviour, even if
>it might cause integer overflow, no?
Not sure if we understand well. :)
an_int > INT_MAX makes no sense. You can:
a. replace it with a_double > INT_MAX as I did
b. replace it with an_int < 0
c. remove it
I don't see how an unsigned would help here.
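Option (a) from the message above, written out as an added example that is not VLC code and not from the patch: the range test happens while the value is still a double, and the cast is only reached when the result fits in an int. The names `seek_to_int` and `seek_offset` are hypothetical, and the multiplication by `pos` is an assumption, since the operator is lost in the quoted hunk.

```c
#include <limits.h>
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper: convert a seek offset held in a double to an int,
 * but only when the value is representable. Outside that range (or for
 * NaN) the double-to-int conversion is undefined, so it must not run. */
static bool seek_to_int(double seek, int *out)
{
    /* Written as a negated conjunction so that NaN, for which every
     * ordered comparison is false, is rejected as well. */
    if (!(seek >= 0.0 && seek <= (double) INT_MAX))
        return false;
    *out = (int) seek;   /* in range: truncates toward zero */
    return true;
}

/* Assumed shape of the computation: track length times a position in
 * [0,1]. Doing it in double means the product cannot overflow an integer
 * type before the range check sees it. */
static bool seek_offset(long long length_ms, double pos, int *out)
{
    return seek_to_int((double) length_ms * pos, out);
}

int main(void)
{
    /* Constructed sample inputs. */
    const struct { long long len; double pos; } cases[] = {
        { 180000, 0.5 },        /* ordinary track */
        { LLONG_MAX, 1.0 },     /* corrupt, overly long file */
        { 180000, -0.25 },      /* negative position */
        { 180000, NAN },        /* NaN position */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int ms = 0;
        bool ok = seek_offset(cases[i].len, cases[i].pos, &ms);
        printf("len=%lld pos=%g -> %s", cases[i].len, cases[i].pos,
               ok ? "seek to " : "rejected\n");
        if (ok)
            printf("%d\n", ms);
    }
    return 0;
}
```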