Issue #1621: Avoid signed int negation overflow in audioop

diff --git a/Misc/NEWS b/Misc/NEWS
index 621f7e5e595abcd3db5da30b72bb1a3f9c5af7bc..911a29ead2095cdfc02994db683f42942c63d52e 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -26,6 +26,8 @@ Core and Builtins
 Library
 -------
 
+- Issue #1621: Avoid signed int negation overflow in the "audioop" module.
+
 - Issue #27533: Release GIL in nt._isdir
 
 - Issue #17711: Fixed unpickling by the persistent ID with protocol 0.

diff --git a/Modules/audioop.c b/Modules/audioop.c
index 8ca64c6956c63d516f62a431bb8de77dd5625389..ed1eca3c1d7a539e711420dcdbfff47e320cd970 100644 (file)
--- a/Modules/audioop.c
+++ b/Modules/audioop.c
@@ -446,7 +446,9 @@ audioop_max_impl(PyObject *module, Py_buffer *fragment, int width)
         return NULL;
     for (i = 0; i < fragment->len; i += width) {
         int val = GETRAWSAMPLE(width, fragment->buf, i);
-        if (val < 0) absval = (-val);
+        /* Cast to unsigned before negating. Unsigned overflow is well-
+        defined, but signed overflow is not. */
+        if (val < 0) absval = -(unsigned int)val;
         else absval = val;
         if (absval > max) max = absval;
     }