[Live-devel] Signed Integer Overflow in VorbisAudioRTPSink.cpp
Ross Finlayson
finlayson at live555.com
Sun Apr 30 20:31:16 PDT 2023
Martin,
The code here (lines 82 and 92 (and also line 87) of “VorbisAudioRTPSink.cpp”) is a bit unconventional, but it seems OK to me.
For example (line 82):
val = ((p[3]*256 + p[2])*256 + p[1])*256 + p[0];
p[3], p[2], and p[1] are all “u_int8_t” - i.e., unsigned char
val is “u_int32_t” - i.e., unsigned int
Your ‘error’ statement:
signed integer overflow: 16777215 * 256 cannot be represented in type ‘int'
is correct (because 16777215 * 256 == 0xffffff00), but irrelevant in this case, because “val” (the variable being assigned to) is an ‘unsigned int’, not an ‘int’.
So, the ‘bug’ appears to be in your error checking application. It is apparently not realizing that the value being computed is intended to be an ‘unsigned int’, not an ‘int’.
Ross Finlayson
Live Networks, Inc.
http://www.live555.com/
More information about the live-devel
mailing list