GNOME Bugzilla – Bug 552801
audioconvert can overflow with big audio buffers
Last modified: 2008-10-08 11:50:32 UTC
in audio_convert_convert intemp = insize * size * 8 / ctx->in.width; } if (!ctx->mix_passthrough || !ctx->out_default) outtemp = outsize * size * 8 / ctx->out.width; The multiplication of insize/outsize * 32 can overflow Fixed by making the multiplication/ division in 64 bits before reconverting in 32... (this is ok since the division will remove the overflow) See patch below
Created attachment 118964 [details] [review] Patch to fix the problem Original patch by Frederic Giasson
using gst_util_uint64_scale* would be even safer.
Yeah but the values are int , not unsigned int.. unless I change that.. I don't think I can use it ? ,
2008-10-08 Sebastian Dröge <sebastian.droege@collabora.co.uk> * gst/audioconvert/audioconvert.c: (audio_convert_convert): Prevent overflows with big buffer when calculating the size of the intermediate buffer by using gst_util_uint64_scale() instead of plain arithmetics. Fixes bug #552801.