[Spice-devel] [PATCH spice-common 3/3] Avoid integer overflow computing image sizes
Frediano Ziglio
fziglio at redhat.com
Tue Mar 20 10:42:54 UTC 2018
>
> If you have declared right types from the previous patch, is this really
> necessary?
>
Previous patch affects other code paths.
> > On 19 Mar 2018, at 11:06, Frediano Ziglio <fziglio at redhat.com> wrote:
> >
> > Use always 64, sizes can be 32x32.
> >
> > Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
> > ---
> > python_modules/demarshal.py | 14 ++++++--------
> > python_modules/marshal.py | 7 +++----
> > 2 files changed, 9 insertions(+), 12 deletions(-)
> >
> > diff --git a/python_modules/demarshal.py b/python_modules/demarshal.py
> > index 7e73985..8d3f5cb 100644
> > --- a/python_modules/demarshal.py
> > +++ b/python_modules/demarshal.py
> > @@ -346,13 +346,12 @@ def write_validate_array_item(writer, container,
> > item, scope, parent_scope, star
> > rows = array.size[3]
> > width_v = write_read_primitive(writer, start, container, width,
> > scope)
> > rows_v = write_read_primitive(writer, start, container, rows,
> > scope)
> > - # TODO: Handle multiplication overflow
> > if bpp == 8:
> > - writer.assign(nelements, "%s * %s" % (width_v, rows_v))
> > + writer.assign(nelements, "(uint64_t) %s * %s" % (width_v,
> > rows_v))
> > elif bpp == 1:
> > - writer.assign(nelements, "((%s + 7) / 8 ) * %s" % (width_v,
> > rows_v))
> > + writer.assign(nelements, "(((uint64_t) %s + 7U) / 8U ) * %s" %
> > (width_v, rows_v))
> > else:
> > - writer.assign(nelements, "((%s * %s + 7) / 8 ) * %s" % (bpp,
> > width_v, rows_v))
> > + writer.assign(nelements, "((%sU * (uint64_t) %s + 7U) / 8U ) *
> > %s" % (bpp, width_v, rows_v))
> > elif array.is_bytes_length():
> > is_byte_size = True
> > v = write_read_primitive(writer, start, container, array.size[1],
> > scope)
> > @@ -713,13 +712,12 @@ def read_array_len(writer, prefix, array, dest,
> > scope, is_ptr):
> > rows = array.size[3]
> > width_v = dest.get_ref(width)
> > rows_v = dest.get_ref(rows)
> > - # TODO: Handle multiplication overflow
> > if bpp == 8:
> > - writer.assign(nelements, "%s * %s" % (width_v, rows_v))
> > + writer.assign(nelements, "((uint64_t) %s * %s)" % (width_v,
> > rows_v))
> > elif bpp == 1:
> > - writer.assign(nelements, "((%s + 7) / 8 ) * %s" % (width_v,
> > rows_v))
> > + writer.assign(nelements, "(((uint64_t) %s + 7U) / 8U ) * %s" %
> > (width_v, rows_v))
> > else:
> > - writer.assign(nelements, "((%s * %s + 7) / 8 ) * %s" % (bpp,
> > width_v, rows_v))
> > + writer.assign(nelements, "((%sU * (uint64_t) %s + 7U) / 8U ) *
> > %s" % (bpp, width_v, rows_v))
> > elif array.is_bytes_length():
> > writer.assign(nelements, dest.get_ref(array.size[2]))
> > else:
> > diff --git a/python_modules/marshal.py b/python_modules/marshal.py
> > index 402273c..fd3416a 100644
> > --- a/python_modules/marshal.py
> > +++ b/python_modules/marshal.py
> > @@ -172,13 +172,12 @@ def get_array_size(array, container_src):
> > rows = array.size[3]
> > width_v = container_src.get_ref(width)
> > rows_v = container_src.get_ref(rows)
> > - # TODO: Handle multiplication overflow
> > if bpp == 8:
> > - return "(unsigned) (%s * %s)" % (width_v, rows_v)
> > + return "((uint64_t) %s * %s)" % (width_v, rows_v)
> > elif bpp == 1:
> > - return "(unsigned) (((%s + 7) / 8 ) * %s)" % (width_v, rows_v)
> > + return "((((uint64_t) %s + 7U) / 8U ) * %s)" % (width_v,
> > rows_v)
> > else:
> > - return "(unsigned) (((%s * %s + 7) / 8 ) * %s)" % (bpp,
> > width_v, rows_v)
> > + return "((((uint64_t) %s * %s + 7U) / 8U ) * %s)" % (bpp,
> > width_v, rows_v)
> > elif array.is_bytes_length():
> > return container_src.get_ref(array.size[2])
> > else:
Frediano
More information about the Spice-devel
mailing list