Kezdőlap Felfedezés Súgó
Bejelentkezés
rainmanp7
/
dragora
másolva dragora/dragora
Figyelés 1
Kedvenc 0
Másolás 0
Fájlok
Branch: master
Branch-ok Tag-ek
dragora
/
patches
/
audiofile
/
07_Check-for-multiplication-overflow-in-sfconvert.patch

07_Check-for-multiplication-overflow-in-sfconvert.patch 1.9 KB
Állandó hivatkozás Előzmények Nyers

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 
  1. From: Antonio Larrosa <larrosa@kde.org>
    2. 

  2. Date: Mon, 6 Mar 2017 13:54:52 +0100
    3. 

  3. Subject: Check for multiplication overflow in sfconvert
    4. 

  4. 

  5. Checks that a multiplication doesn't overflow when
    6. 

  6. calculating the buffer size, and if it overflows,
    7. 

  7. reduce the buffer size instead of failing.
    8. 

  8. 

  9. This fixes the 00192-audiofile-signintoverflow-sfconvert case
    10. 

  10. in #41
    11. 

  11. ---
    12. 

  12.  sfcommands/sfconvert.c | 34 ++++++++++++++++++++++++++++++++--
    13. 

  13.  1 file changed, 32 insertions(+), 2 deletions(-)
    14. 

  14. 

  15. diff --git a/sfcommands/sfconvert.c b/sfcommands/sfconvert.c
    16. 

  16. index 80a1bc4..970a3e4 100644
    17. 

  17. --- a/sfcommands/sfconvert.c
    18. 

  18. +++ b/sfcommands/sfconvert.c
    19. 

  19. @@ -45,6 +45,33 @@ void printusage (void);
    20. 

  20.  void usageerror (void);
    21. 

  21.  bool copyaudiodata (AFfilehandle infile, AFfilehandle outfile, int trackid);
    22. 

  22.  
    23. 

  23. +int firstBitSet(int x)
    24. 

  24. +{
    25. 

  25. +        int position=0;
    26. 

  26. +        while (x!=0)
    27. 

  27. +        {
    28. 

  28. +                x>>=1;
    29. 

  29. +                ++position;
    30. 

  30. +        }
    31. 

  31. +        return position;
    32. 

  32. +}
    33. 

  33. +
    34. 

  34. +#ifndef __has_builtin
    35. 

  35. +#define __has_builtin(x) 0
    36. 

  36. +#endif
    37. 

  37. +
    38. 

  38. +int multiplyCheckOverflow(int a, int b, int *result)
    39. 

  39. +{
    40. 

  40. +#if (defined __GNUC__ && __GNUC__ >= 5) || ( __clang__ && __has_builtin(__builtin_mul_overflow))
    41. 

  41. +	return __builtin_mul_overflow(a, b, result);
    42. 

  42. +#else
    43. 

  43. +	if (firstBitSet(a)+firstBitSet(b)>31) // int is signed, so we can't use 32 bits
    44. 

  44. +		return true;
    45. 

  45. +	*result = a * b;
    46. 

  46. +	return false;
    47. 

  47. +#endif
    48. 

  48. +}
    49. 

  49. +
    50. 

  50.  int main (int argc, char **argv)
    51. 

  51.  {
    52. 

  52.  	if (argc == 2)
    53. 

  53. @@ -323,8 +350,11 @@ bool copyaudiodata (AFfilehandle infile, AFfilehandle outfile, int trackid)
    54. 

  54.  {
    55. 

  55.  	int frameSize = afGetVirtualFrameSize(infile, trackid, 1);
    56. 

  56.  
    57. 

  57. -	const int kBufferFrameCount = 65536;
    58. 

  58. -	void *buffer = malloc(kBufferFrameCount * frameSize);
    59. 

  59. +	int kBufferFrameCount = 65536;
    60. 

  60. +	int bufferSize;
    61. 

  61. +	while (multiplyCheckOverflow(kBufferFrameCount, frameSize, &bufferSize))
    62. 

  62. +		kBufferFrameCount /= 2;
    63. 

  63. +	void *buffer = malloc(bufferSize);
    64. 

  64.  
    65. 

  65.  	AFframecount totalFrames = afGetFrameCount(infile, AF_DEFAULT_TRACK);
    66. 

  66.  	AFframecount totalFramesWritten = 0;
    67. 

  67.