From: Mark Dickinson Date: Tue, 11 May 2010 13:08:26 +0000 (+0000) Subject: Merged revisions 81079 via svnmerge from X-Git-Tag: v2.6.6rc1~339 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7ceb497ae6f554274399bd9916ea5a21de443208;p=python Merged revisions 81079 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r81079 | mark.dickinson | 2010-05-11 14:05:30 +0100 (Tue, 11 May 2010) | 1 line Issue #8674: fix another bogus overflow check in audioop module. ........ --- diff --git a/Modules/audioop.c b/Modules/audioop.c index e5ff5ad682..a3a54cd214 100644 --- a/Modules/audioop.c +++ b/Modules/audioop.c @@ -1155,25 +1155,16 @@ audioop_ratecv(PyObject *self, PyObject *args) ceiling(len*outrate/inrate) output frames, and each frame requires bytes_per_frame bytes. Computing this without spurious overflow is the challenge; we can - settle for a reasonable upper bound, though. */ - int ceiling; /* the number of output frames */ - int nbytes; /* the number of output bytes needed */ - int q = len / inrate; - /* Now len = q * inrate + r exactly (with r = len % inrate), - and this is less than q * inrate + inrate = (q+1)*inrate. - So a reasonable upper bound on len*outrate/inrate is - ((q+1)*inrate)*outrate/inrate = - (q+1)*outrate. - */ - ceiling = (q+1) * outrate; - nbytes = ceiling * bytes_per_frame; - /* See whether anything overflowed; if not, get the space. */ - if (q+1 < 0 || - ceiling / outrate != q+1 || - nbytes / bytes_per_frame != ceiling) + settle for a reasonable upper bound, though, in this + case ceiling(len/inrate) * outrate. */ + + /* compute ceiling(len/inrate) without overflow */ + int q = len > 0 ? 1 + (len - 1) / inrate : 0; + if (outrate > INT_MAX / q / bytes_per_frame) str = NULL; else - str = PyString_FromStringAndSize(NULL, nbytes); + str = PyString_FromStringAndSize(NULL, + q * outrate * bytes_per_frame); if (str == NULL) { PyErr_SetString(PyExc_MemoryError,