Module Name: src Committed By: isaki Date: Tue Aug 15 08:28:21 UTC 2017
Modified Files: src/sys/dev: audio.c Log Message: Avoid possibility of integer overflow (and clean up). - On 32bit arch and type argument is int32_t, orig[m] * tomix[m] is calculated first with int32 (possibility of overflow here) and then cast to int64_t for assignment. - bigger_type is sufficient for product and result. To generate a diff of this commit: cvs rdiff -u -r1.397 -r1.398 src/sys/dev/audio.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/audio.c
diff -u src/sys/dev/audio.c:1.397 src/sys/dev/audio.c:1.398
--- src/sys/dev/audio.c:1.397 Tue Aug 15 05:31:52 2017
+++ src/sys/dev/audio.c Tue Aug 15 08:28:21 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: audio.c,v 1.397 2017/08/15 05:31:52 isaki Exp $ */
+/* $NetBSD: audio.c,v 1.398 2017/08/15 08:28:21 isaki Exp $ */
 /*-
 * Copyright (c) 2016 Nathanial Sloss <nathanialsl...@yahoo.com.au>
@@ -148,7 +148,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: audio.c,v 1.397 2017/08/15 05:31:52 isaki Exp $");
+__KERNEL_RCSID(0, "$NetBSD: audio.c,v 1.398 2017/08/15 08:28:21 isaki Exp $");
 #ifdef _KERNEL_OPT
 #include "audio.h"
@@ -5515,8 +5515,8 @@ done:
 struct virtual_channel *vc) \
 { \
 int blksize, cc, cc1, cc2, m, resid; \
- int64_t product; \
- int64_t result; \
+ bigger_type product; \
+ bigger_type result; \
 type *orig, *tomix; \
 \
 blksize = sc->sc_pr.blksize; \
@@ -5537,8 +5537,8 @@ done:
 for (m = 0; m < (cc / (bits / NBBY)); m++) { \
 tomix[m] = (bigger_type)tomix[m] * \
 (bigger_type)(vc->sc_swvol) / 255; \
- result = orig[m] + tomix[m]; \
- product = orig[m] * tomix[m]; \
+ result = (bigger_type)orig[m] + tomix[m]; \
+ product = (bigger_type)orig[m] * tomix[m]; \
 if (orig[m] > 0 && tomix[m] > 0) \
 result -= product / MAXVAL; \
 else if (orig[m] < 0 && tomix[m] < 0) \
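Review bot: Nothing enforces that `bigger_type` is wide enough now that `product` and `result` are declared with it instead of `int64_t` (hunk at 5515), so overflow safety depends entirely on how the macro is instantiated. The product of two `type` samples needs twice the bits of `type`, so a compile-time check at the top of the function body, for example `CTASSERT(sizeof(bigger_type) >= 2 * sizeof(type)); \`, would turn a too-narrow instantiation into a build failure instead of signed overflow in kernel code. The log message names only the int32_t case; the macro's instantiations are not visible on this page and should be confirmed against that bound. The function's signature and the rest of its body lie outside the hunk.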
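Review bot: The cast on `orig[m]` in the `result` and `product` lines (hunk at 5537) is the whole fix, and it has no comment to stop a later cleanup from dropping it as redundant. Without it, both operands are evaluated at `int` width and only the already-overflowed value is widened on assignment, which is the case the log message describes. I would add above the two lines `/* widen before the arithmetic: type op type is done in int and can overflow for int32_t */ \`. The loop body continues past the end of the hunk, so whatever narrows `result` back to `type` is not reviewed here.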