[Spice-devel] [PATCH spice-common 3/3] Avoid integer overflow computing image sizes
Christophe de Dinechin
cdupontd at redhat.com
Tue Mar 20 10:20:07 UTC 2018
If you have declared right types from the previous patch, is this really necessary?
> On 19 Mar 2018, at 11:06, Frediano Ziglio <fziglio at redhat.com> wrote:
>
> Use always 64, sizes can be 32x32.
>
> Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
> ---
> python_modules/demarshal.py | 14 ++++++--------
> python_modules/marshal.py | 7 +++----
> 2 files changed, 9 insertions(+), 12 deletions(-)
>
> diff --git a/python_modules/demarshal.py b/python_modules/demarshal.py
> index 7e73985..8d3f5cb 100644
> --- a/python_modules/demarshal.py
> +++ b/python_modules/demarshal.py
> @@ -346,13 +346,12 @@ def write_validate_array_item(writer, container, item, scope, parent_scope, star
> rows = array.size[3]
> width_v = write_read_primitive(writer, start, container, width, scope)
> rows_v = write_read_primitive(writer, start, container, rows, scope)
> - # TODO: Handle multiplication overflow
> if bpp == 8:
> - writer.assign(nelements, "%s * %s" % (width_v, rows_v))
> + writer.assign(nelements, "(uint64_t) %s * %s" % (width_v, rows_v))
> elif bpp == 1:
> - writer.assign(nelements, "((%s + 7) / 8 ) * %s" % (width_v, rows_v))
> + writer.assign(nelements, "(((uint64_t) %s + 7U) / 8U ) * %s" % (width_v, rows_v))
> else:
> - writer.assign(nelements, "((%s * %s + 7) / 8 ) * %s" % (bpp, width_v, rows_v))
> + writer.assign(nelements, "((%sU * (uint64_t) %s + 7U) / 8U ) * %s" % (bpp, width_v, rows_v))
> elif array.is_bytes_length():
> is_byte_size = True
> v = write_read_primitive(writer, start, container, array.size[1], scope)
> @@ -713,13 +712,12 @@ def read_array_len(writer, prefix, array, dest, scope, is_ptr):
> rows = array.size[3]
> width_v = dest.get_ref(width)
> rows_v = dest.get_ref(rows)
> - # TODO: Handle multiplication overflow
> if bpp == 8:
> - writer.assign(nelements, "%s * %s" % (width_v, rows_v))
> + writer.assign(nelements, "((uint64_t) %s * %s)" % (width_v, rows_v))
> elif bpp == 1:
> - writer.assign(nelements, "((%s + 7) / 8 ) * %s" % (width_v, rows_v))
> + writer.assign(nelements, "(((uint64_t) %s + 7U) / 8U ) * %s" % (width_v, rows_v))
> else:
> - writer.assign(nelements, "((%s * %s + 7) / 8 ) * %s" % (bpp, width_v, rows_v))
> + writer.assign(nelements, "((%sU * (uint64_t) %s + 7U) / 8U ) * %s" % (bpp, width_v, rows_v))
> elif array.is_bytes_length():
> writer.assign(nelements, dest.get_ref(array.size[2]))
> else:
> diff --git a/python_modules/marshal.py b/python_modules/marshal.py
> index 402273c..fd3416a 100644
> --- a/python_modules/marshal.py
> +++ b/python_modules/marshal.py
> @@ -172,13 +172,12 @@ def get_array_size(array, container_src):
> rows = array.size[3]
> width_v = container_src.get_ref(width)
> rows_v = container_src.get_ref(rows)
> - # TODO: Handle multiplication overflow
> if bpp == 8:
> - return "(unsigned) (%s * %s)" % (width_v, rows_v)
> + return "((uint64_t) %s * %s)" % (width_v, rows_v)
> elif bpp == 1:
> - return "(unsigned) (((%s + 7) / 8 ) * %s)" % (width_v, rows_v)
> + return "((((uint64_t) %s + 7U) / 8U ) * %s)" % (width_v, rows_v)
> else:
> - return "(unsigned) (((%s * %s + 7) / 8 ) * %s)" % (bpp, width_v, rows_v)
> + return "((((uint64_t) %s * %s + 7U) / 8U ) * %s)" % (bpp, width_v, rows_v)
> elif array.is_bytes_length():
> return container_src.get_ref(array.size[2])
> else:
> --
> 2.14.3
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/spice-devel
More information about the Spice-devel
mailing list