From 393b97a7b61583f3e0401f385da8b741ef1684d6 Mon Sep 17 00:00:00 2001 From: Mark Dickinson Date: Tue, 11 May 2010 13:09:58 +0000 Subject: Merged revisions 81079 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r81079 | mark.dickinson | 2010-05-11 14:05:30 +0100 (Tue, 11 May 2010) | 1 line Issue #8674: fix another bogus overflow check in audioop module. ........ --- Modules/audioop.c | 25 ++++++++----------------- 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/Modules/audioop.c b/Modules/audioop.c index 6ca7d72..07b41d4 100644 --- a/Modules/audioop.c +++ b/Modules/audioop.c @@ -1160,25 +1160,16 @@ audioop_ratecv(PyObject *self, PyObject *args) ceiling(len*outrate/inrate) output frames, and each frame requires bytes_per_frame bytes. Computing this without spurious overflow is the challenge; we can - settle for a reasonable upper bound, though. */ - int ceiling; /* the number of output frames */ - int nbytes; /* the number of output bytes needed */ - int q = len / inrate; - /* Now len = q * inrate + r exactly (with r = len % inrate), - and this is less than q * inrate + inrate = (q+1)*inrate. - So a reasonable upper bound on len*outrate/inrate is - ((q+1)*inrate)*outrate/inrate = - (q+1)*outrate. - */ - ceiling = (q+1) * outrate; - nbytes = ceiling * bytes_per_frame; - /* See whether anything overflowed; if not, get the space. */ - if (q+1 < 0 || - ceiling / outrate != q+1 || - nbytes / bytes_per_frame != ceiling) + settle for a reasonable upper bound, though, in this + case ceiling(len/inrate) * outrate. */ + + /* compute ceiling(len/inrate) without overflow */ + int q = len > 0 ? 1 + (len - 1) / inrate : 0; + if (outrate > INT_MAX / q / bytes_per_frame) str = NULL; else - str = PyBytes_FromStringAndSize(NULL, nbytes); + str = PyBytes_FromStringAndSize(NULL, + q * outrate * bytes_per_frame); if (str == NULL) { PyErr_SetString(PyExc_MemoryError, -- cgit v0.12