Skip to content

Plugin (dancingparticles) - Signed integer overflows #287

New issue
New issue
Open
Open
Plugin (dancingparticles) - Signed integer overflows#287
Labels
bug
@kaixiong

Description

@kaixiong
kaixiong
opened on Feb 18, 2023

UBSAN spots two signed integer overflows in two places within its beatdetector class.

Found by UBSAN:

dancingparticles/signal.cpp:32:8: runtime error: signed integer overflow: 65408 * 65408 cannot be represented in type 'int'
dancingparticles/signal.cpp:33:8: runtime error: signed integer overflow: 47316 * 47316 cannot be represented in type 'int'

In beatdetector::beatdetector():

for(int i=0;i<NUM_BANDS;i++)
{
    uint16_t f = i<128 ? (i-128) :0;    // <--- f underflows to produce a large unsigned number when i < 128
    f = f*f/100;                        // <--- overflow #1
    f = f*f/30;                         // <--- overflow #2
    filter[i] =f;
    //      cout << f<<endl;
    filterpower+=f;
}

There is an identical issue in beatdetector::learnbeat().

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions