Commit 86835f9f authored by Filip Roséen's avatar Filip Roséen Committed by Rémi Denis-Courmont

demux/asf: prevent signed integer overflow (fixes #17579)

The previous implementation could overflow the mtime_t when
multiplying p_sys->p_fp->i_preroll by a thousand when converting from
the asf time unit (milliseconds) to VLCs (microseconds).

Given that you can always divide a value without running into issues
in terms of under/overflow, these changes prevent any overflow error
while still preserving the same logic.

In short the implementation takes advantage of the below two
conditions being equivalent:

   1: A > ( ( B * C ) + D )
   2: ( ( A - D ) / C ) > B
Signed-off-by: Rémi Denis-Courmont's avatarRémi Denis-Courmont <remi@remlab.net>
parent a9a94b22
......@@ -212,7 +212,8 @@ static int Demux( demux_t *p_demux )
tk->b_selected = false;
}
while( !p_sys->b_eos && p_sys->i_sendtime - p_sys->i_time < (mtime_t)p_sys->p_fp->i_preroll * 1000 + CHUNK )
while( !p_sys->b_eos && ( ( p_sys->i_sendtime - p_sys->i_time - CHUNK ) /
UINT64_C( 1000 ) < p_sys->p_fp->i_preroll ) )
{
/* Read and demux a packet */
if( DemuxASFPacket( &p_sys->packet_sys,
......@@ -239,8 +240,8 @@ static int Demux( demux_t *p_demux )
p_sys->i_time = p_sys->i_sendtime;
}
if( p_sys->b_eos ||
(p_sys->i_sendtime >= p_sys->i_time + (mtime_t)p_sys->p_fp->i_preroll * 1000 + CHUNK) )
if( p_sys->b_eos || ( ( p_sys->i_sendtime - p_sys->i_time - CHUNK ) /
UINT64_C( 1000 ) >= p_sys->p_fp->i_preroll ) )
{
bool b_data = Block_Dequeue( p_demux, p_sys->i_time + CHUNK );
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment