ref: 82adfb611d2c8c7f070297210c2b9854490887e5
parent: 4174c26e0aaab19d01afdea0a46f7f95fdc6b3e6
author: Timothy B. Terriberry <tterribe@xiph.org>
date: Tue Dec 15 11:23:16 EST 2020
Fix intermediate overflow in op_pcm_total(). Although link enumeration ensures the return value is in range, the order of operations allows the intermediate value pcm_total+diff to overflow the range of a 64-bit int. Add parentheses to ensure this does not happen. Thanks to Felcia Lim for the report. Fixes #2330
--- a/src/opusfile.c
+++ b/src/opusfile.c
@@ -1753,7 +1753,7 @@
}
OP_ALWAYS_TRUE(!op_granpos_diff(&diff,
links[_li].pcm_end,links[_li].pcm_start));
- return pcm_total+diff-links[_li].head.pre_skip;
+ return pcm_total+(diff-links[_li].head.pre_skip);
}
const OpusHead *op_head(const OggOpusFile *_of,int _li){