[vlc-devel] [PATCH] demux/asf: fix 17579: prevent signed integer overflow

Filip Roséen filip at atch.se
Tue Nov 1 02:04:06 CET 2016


The previous implementation could overflow the mtime_t when
multiplying p_sys->p_fp->i_preroll by a thousand when converting from
the ASF time unit (milliseconds) to VLC's (microseconds).

Given that you can always divide a value without running into issues
in terms of under/overflow, these changes prevent any overflow error
while still preserving the same logic.

In short the implementation takes advantage of the below two
conditions being equivalent:

   1: A > ( ( B * C ) + D )
   2: ( ( A - D ) / C ) > B

fixes #17579
---
 modules/demux/asf/asf.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/modules/demux/asf/asf.c b/modules/demux/asf/asf.c
index e05d301..5cbb800 100644
--- a/modules/demux/asf/asf.c
+++ b/modules/demux/asf/asf.c
@@ -212,7 +212,8 @@ static int Demux( demux_t *p_demux )
             tk->b_selected = false;
     }
 
-    while( !p_sys->b_eos && p_sys->i_sendtime - p_sys->i_time < (mtime_t)p_sys->p_fp->i_preroll * 1000 + CHUNK )
+    while( !p_sys->b_eos && ( ( p_sys->i_sendtime - p_sys->i_time - CHUNK ) /
+                                UINT64_C( 1000 ) < p_sys->p_fp->i_preroll ) )
     {
         /* Read and demux a packet */
         if( DemuxASFPacket( &p_sys->packet_sys,
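Review bot: the new `while` condition divides by `UINT64_C( 1000 )`, so the signed difference `p_sys->i_sendtime - p_sys->i_time - CHUNK` is converted to unsigned before the division. Whenever that difference is negative (that is, `i_sendtime - i_time` is below `CHUNK`), the removed comparison was true and the loop kept reading packets; the new one sees a very large unsigned quotient, evaluates to false, and the loop exits early. The equivalence quoted in the commit message only holds when A - D is non-negative. Suggest testing the sign of the difference first (negative means "keep reading") and only then dividing and comparing against `i_preroll`. Switching the divisor to a signed constant is not enough on its own: signed division truncates toward zero, so a small negative difference becomes 0 and the test still differs from the old one when `i_preroll` is 0.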
@@ -239,8 +240,8 @@ static int Demux( demux_t *p_demux )
             p_sys->i_time = p_sys->i_sendtime;
     }
 
-    if( p_sys->b_eos ||
-       (p_sys->i_sendtime >= p_sys->i_time + (mtime_t)p_sys->p_fp->i_preroll * 1000 + CHUNK) )
+    if( p_sys->b_eos || ( ( p_sys->i_sendtime - p_sys->i_time - CHUNK ) /
+                          UINT64_C( 1000 ) >= p_sys->p_fp->i_preroll ) )
     {
         bool b_data = Block_Dequeue( p_demux, p_sys->i_time + CHUNK );
 
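Review bot: the `if` condition has the same unsigned conversion, and here it flips the result the other way: with `p_sys->i_sendtime - p_sys->i_time - CHUNK` negative, the quotient by `UINT64_C( 1000 )` wraps to a very large value, `>= p_sys->p_fp->i_preroll` becomes true, and `Block_Dequeue` is called where the removed test was false. Since this test is the exact negation of the `while` condition in the previous hunk, consider moving it into one small static helper used at both sites, with the negative difference handled before the division and a short comment noting that the division by 1000 replaces the former millisecond-to-microsecond multiplication of `i_preroll`.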
-- 
2.10.1
