Displaying 5 results from an estimated 5 matches for "cur_packet_gp".
2017 Nov 20
7
[PATCH 0/2] libopusfile int64 overflows
Just an attempt to avoid overflows with an explicit check, I don't know if
there's a better way to identify corrupt input here.
James Zern (2):
op_pcm_seek: fix int64 overflow
op_fetch_and_process_page: fix int64 overflow
src/opusfile.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
--
2.15.0.448.gf294e3d99a-goog
2017 Dec 07
2
[PATCH 0/2] libopusfile int64 overflows
On Tue, Nov 28, 2017 at 3:22 PM, James Zern <jzern at google.com> wrote:
> On Mon, Nov 20, 2017 at 1:07 PM, James Zern <jzern at google.com> wrote:
>> Just an attempt to avoid overflows with an explicit check, I don't know if
>> there's a better way to identify corrupt input here.
>>
>> James Zern (2):
>> op_pcm_seek: fix int64 overflow
2017 Nov 20
0
[PATCH 2/2] op_fetch_and_process_page: fix int64 overflow
...nged, 4 insertions(+), 1 deletion(-)
diff --git a/src/opusfile.c b/src/opusfile.c
index df326af..2bef277 100644
--- a/src/opusfile.c
+++ b/src/opusfile.c
@@ -2078,7 +2078,10 @@ static int op_fetch_and_process_page(OggOpusFile *_of,
&&OP_LIKELY(diff<total_duration)){
cur_packet_gp=prev_packet_gp;
for(pi=0;pi<op_count;pi++){
- diff=durations[pi]-diff;
+ /*Check for overflow.*/
+ if(diff<0&&OP_UNLIKELY(OP_INT64_MAX+diff<durations[pi])){
+ diff=0;
+ } else diff=durations[pi]-diff;...
2017 Dec 07
1
[PATCH 0/2] libopusfile int64 overflows
...(because _pcm_offset == (target_gp - pcm_start) and diff == (gp -
> pcm_start).
>
This works.
> [...]
>
>> @@ -2078,7 +2078,10 @@ static int op_fetch_and_process_page(OggOpusFile
>> *_of,
>> &&OP_LIKELY(diff<total_duration)){
>> cur_packet_gp=prev_packet_gp;
>> for(pi=0;pi<op_count;pi++){
>> - diff=durations[pi]-diff;
>> + /*Check for overflow.*/
>> + if(diff<0&&OP_UNLIKELY(OP_INT64_MAX+diff<durations[pi])){
>> + diff=0;
>> +...
2017 Dec 07
0
[PATCH 0/2] libopusfile int64 overflows
...tamps like this, but at least if we try a full seek
and fail we'll report an error in most cases instead of pretending we
succeeded.
> @@ -2078,7 +2078,10 @@ static int op_fetch_and_process_page(OggOpusFile *_of,
> &&OP_LIKELY(diff<total_duration)){
> cur_packet_gp=prev_packet_gp;
> for(pi=0;pi<op_count;pi++){
> - diff=durations[pi]-diff;
> + /*Check for overflow.*/
> + if(diff<0&&OP_UNLIKELY(OP_INT64_MAX+diff<durations[pi])){
> + diff=0;
> + } else diff=dur...