From 11bb2cdc6aa8db142a87de281b83293d500847b2 Mon Sep 17 00:00:00 2001 From: Mark Dickinson Date: Tue, 11 May 2010 13:05:30 +0000 Subject: Issue #8674: fix another bogus overflow check in audioop module. --- Modules/audioop.c | 25 ++++++++----------------- 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/Modules/audioop.c b/Modules/audioop.c index 13f43dd..ba8f7ac 100644 --- a/Modules/audioop.c +++ b/Modules/audioop.c @@ -1153,25 +1153,16 @@ audioop_ratecv(PyObject *self, PyObject *args) ceiling(len*outrate/inrate) output frames, and each frame requires bytes_per_frame bytes. Computing this without spurious overflow is the challenge; we can - settle for a reasonable upper bound, though. */ - int ceiling; /* the number of output frames */ - int nbytes; /* the number of output bytes needed */ - int q = len / inrate; - /* Now len = q * inrate + r exactly (with r = len % inrate), - and this is less than q * inrate + inrate = (q+1)*inrate. - So a reasonable upper bound on len*outrate/inrate is - ((q+1)*inrate)*outrate/inrate = - (q+1)*outrate. - */ - ceiling = (q+1) * outrate; - nbytes = ceiling * bytes_per_frame; - /* See whether anything overflowed; if not, get the space. */ - if (q+1 < 0 || - ceiling / outrate != q+1 || - nbytes / bytes_per_frame != ceiling) + settle for a reasonable upper bound, though, in this + case ceiling(len/inrate) * outrate. */ + + /* compute ceiling(len/inrate) without overflow */ + int q = len > 0 ? 1 + (len - 1) / inrate : 0; + if (outrate > INT_MAX / q / bytes_per_frame) str = NULL; else - str = PyString_FromStringAndSize(NULL, nbytes); + str = PyString_FromStringAndSize(NULL, + q * outrate * bytes_per_frame); if (str == NULL) { PyErr_SetString(PyExc_MemoryError, -- cgit v0.12