ref: 67273ef32d5d5a0f8a0fc038948b8348c4387b5c
parent: 567165a7feb9b4e540dc9d257fd276849d660060
author: James Zern <jzern@google.com>
date: Thu Dec 7 10:25:28 EST 2017
op_fetch_and_process_page: Fix int64 overflow Check for overflow with a negative diff. Signed-off-by: Timothy B. Terriberry <tterribe@xiph.org>
--- a/src/opusfile.c
+++ b/src/opusfile.c
@@ -2078,7 +2078,11 @@
&&OP_LIKELY(diff<total_duration)){cur_packet_gp=prev_packet_gp;
for(pi=0;pi<op_count;pi++){- diff=durations[pi]-diff;
+ /*Check for overflow.*/
+ if(diff<0&&OP_UNLIKELY(OP_INT64_MAX+diff<durations[pi])){+ diff=durations[pi]+1;
+ }
+ else diff=durations[pi]-diff;
/*If we have samples to trim...*/
if(diff>0){/*If we trimmed the entire packet, stop (the spec says encoders