[vlc-devel] [PATCH 3/7] subsdec: fix potential unsigned overflow
Felix Abecassis
felix.abecassis at gmail.com
Tue May 6 22:28:04 CEST 2014
2014-05-06 21:07 GMT+02:00 Rémi Denis-Courmont <remi at remlab.net>:
> On Tuesday 6 May 2014, 19:08:27 Felix Abecassis wrote:
>> ---
>> modules/codec/subsdec.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/modules/codec/subsdec.c b/modules/codec/subsdec.c
>> index 1b4276e..4faff70 100644
>> --- a/modules/codec/subsdec.c
>> +++ b/modules/codec/subsdec.c
>> @@ -737,7 +737,7 @@ static char *CreateHtmlSubtitle( int *pi_align, char
>> *psz_subtitle ) {
>> bool b_match = false;
>> bool b_ignore = false;
>> - int i_len = (psz_tag ? strlen(psz_tag) : 0) - 1;
>> + int i_len = (psz_tag ? (int)strlen(psz_tag) : 0) -
>> 1;
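Review bot: the `(int)` cast on the added line narrows `strlen(psz_tag)` before the `- 1`, so a length above INT_MAX goes through an implementation-defined conversion, and the subtraction then runs in signed arithmetic, where it is undefined if the converted value is INT_MIN. Suggest keeping the length in a `size_t`, handling the NULL or zero-length case explicitly, and converting to `int` only after a range check, instead of `(int)strlen(psz_tag)`. A comment stating what value `i_len` should take when `psz_tag` is NULL or empty would also help.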
>
> This looks more like it's introducing undefined behaviour than removing it.
>
> If: strlen(psz_tag) == (size_t)INT_MIN
> Before the patch: i_len == INT_MAX
> After the patch: undefined behaviour due to signed underflow.
It's true, but it's unlikely. I could use a wider type in my cast though.
> If psz_tag is the empty string the result is unchanged.
Is it? Unsigned overflow is well defined but conversion of an out of
range unsigned value to a signed value is implementation defined
apparently.
>
> --
> Rémi Denis-Courmont
> http://www.remlab.net/
>
--
Félix Abecassis
http://felix.abecassis.me
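
The three cases debated in this thread (NULL tag, empty string, length above INT_MAX), as an added example that is not part of the original message or of VLC's subsdec.c: the subtraction happens only after range checks, so no out-of-range conversion to int occurs. The helper names `len_minus_one`, `tag_len_minus_one` and `unsigned_len_minus_one` are hypothetical, and the sample strings are constructed.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: compute len - 1 as an int without any out-of-range
 * conversion. Returns false when the result does not fit in int. */
static bool len_minus_one(size_t len, int *out)
{
    if (len == 0) {                  /* NULL or empty tag: -1, computed in int */
        *out = -1;
        return true;
    }
    if (len - 1 > (size_t)INT_MAX)   /* len >= 1, so no unsigned wrap here */
        return false;
    *out = (int)(len - 1);           /* value is in [0, INT_MAX]: exact */
    return true;
}

/* Hypothetical wrapper for a possibly-NULL tag string. */
static bool tag_len_minus_one(const char *tag, int *out)
{
    return len_minus_one(tag ? strlen(tag) : 0, out);
}

/* What the pre-patch expression computes before it is converted to int:
 * the conditional has type size_t, so 0 - 1 wraps to SIZE_MAX. */
static size_t unsigned_len_minus_one(size_t len)
{
    return len - 1;
}

int main(void)
{
    const char *samples[] = { NULL, "", "font" };   /* constructed inputs */
    int n;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (tag_len_minus_one(samples[i], &n))
            printf("%s -> %d\n", samples[i] ? samples[i] : "(null)", n);
    /* (size_t)INT_MAX + 1 is the smallest length an (int) cast cannot hold. */
    printf("INT_MAX + 1 fits: %d\n", len_minus_one((size_t)INT_MAX + 1, &n));
    printf("INT_MAX + 2 fits: %d\n", len_minus_one((size_t)INT_MAX + 2, &n));
    printf("0 - 1 wraps: %d\n", unsigned_len_minus_one(0) == SIZE_MAX);
    return 0;
}
```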