33 lines
1.1 KiB
Diff
33 lines
1.1 KiB
Diff
From 67273ef32d5d5a0f8a0fc038948b8348c4387b5c Mon Sep 17 00:00:00 2001
|
|
From: James Zern <jzern@google.com>
|
|
Date: Thu, 7 Dec 2017 15:25:28 -0800
|
|
Subject: [PATCH] op_fetch_and_process_page: Fix int64 overflow
|
|
|
|
Check for overflow with a negative diff.
|
|
|
|
Signed-off-by: Timothy B. Terriberry <tterribe@xiph.org>
|
|
---
|
|
src/opusfile.c | 6 +++++-
|
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/opusfile.c b/src/opusfile.c
|
|
index 140503e..8b000a2 100644
|
|
--- a/src/opusfile.c
|
|
+++ b/src/opusfile.c
|
|
@@ -2078,7 +2078,11 @@ static int op_fetch_and_process_page(OggOpusFile *_of,
|
|
&&OP_LIKELY(diff<total_duration)){
|
|
cur_packet_gp=prev_packet_gp;
|
|
for(pi=0;pi<op_count;pi++){
|
|
- diff=durations[pi]-diff;
|
|
+ /*Check for overflow.*/
|
|
+ if(diff<0&&OP_UNLIKELY(OP_INT64_MAX+diff<durations[pi])){
|
|
+ diff=durations[pi]+1;
|
|
+ }
|
|
+ else diff=durations[pi]-diff;
|
|
/*If we have samples to trim...*/
|
|
if(diff>0){
|
|
/*If we trimmed the entire packet, stop (the spec says encoders
|
|
--
|
|
2.1.4
|
|
|