
Commit d4e3d4e

Timothy B. Terriberrysezero
authored andcommitted
Fix UB reported by UBsan.
Also fix other instances of similar patterns. Thanks to kunitoki for the report. Fixes #2305 (cherry picked from commit 7cf42ea)
1 parent 0eb2518 commit d4e3d4e


2 files changed

+26
-22
lines changed

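--- a/src/bitwise.c
+++ b/src/bitwise.c
@@ -284,13 +284,13 @@ long oggpack_look(oggpack_buffer *b,int bits){
 
 ret=b->ptr[0]>>b->endbit;
 if(bits>8){
-ret|=b->ptr[1]<<(8-b->endbit);
+ret|=(unsigned long)b->ptr[1]<<(8-b->endbit);
 if(bits>16){
-ret|=b->ptr[2]<<(16-b->endbit);
+ret|=(unsigned long)b->ptr[2]<<(16-b->endbit);
 if(bits>24){
-ret|=b->ptr[3]<<(24-b->endbit);
+ret|=(unsigned long)b->ptr[3]<<(24-b->endbit);
 if(bits>32 && b->endbit)
-ret|=b->ptr[4]<<(32-b->endbit);
+ret|=(unsigned long)b->ptr[4]<<(32-b->endbit);
 }
 }
 }
@@ -313,13 +313,13 @@ long oggpackB_look(oggpack_buffer *b,int bits){
 else if(!bits)return(0L);
 }
 
-ret=b->ptr[0]<<(24+b->endbit);
+ret=(unsigned long)b->ptr[0]<<(24+b->endbit);
 if(bits>8){
-ret|=b->ptr[1]<<(16+b->endbit);
+ret|=(unsigned long)b->ptr[1]<<(16+b->endbit);
 if(bits>16){
-ret|=b->ptr[2]<<(8+b->endbit);
+ret|=(unsigned long)b->ptr[2]<<(8+b->endbit);
 if(bits>24){
-ret|=b->ptr[3]<<(b->endbit);
+ret|=(unsigned long)b->ptr[3]<<(b->endbit);
 if(bits>32 && b->endbit)
 ret|=b->ptr[4]>>(8-b->endbit);
 }
@@ -389,13 +389,13 @@ long oggpack_read(oggpack_buffer *b,int bits){
 
 ret=b->ptr[0]>>b->endbit;
 if(bits>8){
-ret|=b->ptr[1]<<(8-b->endbit);
+ret|=(unsigned long)b->ptr[1]<<(8-b->endbit);
 if(bits>16){
-ret|=b->ptr[2]<<(16-b->endbit);
+ret|=(unsigned long)b->ptr[2]<<(16-b->endbit);
 if(bits>24){
-ret|=b->ptr[3]<<(24-b->endbit);
+ret|=(unsigned long)b->ptr[3]<<(24-b->endbit);
 if(bits>32 && b->endbit){
-ret|=b->ptr[4]<<(32-b->endbit);
+ret|=(unsigned long)b->ptr[4]<<(32-b->endbit);
 }
 }
 }
@@ -430,13 +430,13 @@ long oggpackB_read(oggpack_buffer *b,int bits){
 else if(!bits)return(0L);
 }
 
-ret=b->ptr[0]<<(24+b->endbit);
+ret=(unsigned long)b->ptr[0]<<(24+b->endbit);
 if(bits>8){
-ret|=b->ptr[1]<<(16+b->endbit);
+ret|=(unsigned long)b->ptr[1]<<(16+b->endbit);
 if(bits>16){
-ret|=b->ptr[2]<<(8+b->endbit);
+ret|=(unsigned long)b->ptr[2]<<(8+b->endbit);
 if(bits>24){
-ret|=b->ptr[3]<<(b->endbit);
+ret|=(unsigned long)b->ptr[3]<<(b->endbit);
 if(bits>32 && b->endbit)
 ret|=b->ptr[4]>>(8-b->endbit);
 }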
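Review bot: In oggpackB_look and oggpackB_read the new `ret=(unsigned long)b->ptr[0]<<(24+b->endbit);` shifts in 64 bits wherever `unsigned long` is 64 bits wide, so with a non-zero `endbit` it can set bits 32 and above of `ret`, which a 32-bit `int` shift had no room for. The return statements are outside these hunks, so it cannot be confirmed from here that `ret` is masked back to 32 bits before it is used. If it is, a comment by the first cast would record that dependency, for example `/* shift as unsigned long: int would overflow into the sign bit; bits above 31 are dropped at return */`. The casts in oggpack_look and oggpack_read would benefit from the first half of that comment too, since nothing in the code says why the cast is there.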

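--- a/src/framing.c
+++ b/src/framing.c
@@ -349,12 +349,13 @@ int ogg_stream_packetin(ogg_stream_state *os,ogg_packet *op){
 static int ogg_stream_flush_i(ogg_stream_state *os,ogg_page *og, int force, int nfill){
 int i;
 int vals=0;
-int maxvals=(os->lacing_fill>255?255:os->lacing_fill);
+int maxvals;
 int bytes=0;
 long acc=0;
 ogg_int64_t granule_pos=-1;
 
 if(ogg_stream_check(os)) return(0);
+maxvals=(os->lacing_fill>255?255:os->lacing_fill);
 if(maxvals==0) return(0);
 
 /* construct a page */
@@ -639,12 +640,15 @@ int ogg_sync_wrote(ogg_sync_state *oy, long bytes){
 */
 
 long ogg_sync_pageseek(ogg_sync_state *oy,ogg_page *og){
-unsigned char *page=oy->data+oy->returned;
+unsigned char *page;
 unsigned char *next;
-long bytes=oy->fill-oy->returned;
+long bytes;
 
 if(ogg_sync_check(oy))return 0;
 
+page=oy->data+oy->returned;
+bytes=oy->fill-oy->returned;
+
 if(oy->headerbytes==0){
 int headerbytes,i;
 if(bytes<27)return(0); /* not enough for a header */
@@ -1086,11 +1090,11 @@ void print_header(ogg_page *og){
 (int)og->header[4],(int)og->header[5]);
 
 fprintf(stderr," granulepos: %d serialno: %d pageno: %ld\n",
-(og->header[9]<<24)|(og->header[8]<<16)|
+((unsigned)og->header[9]<<24)|(og->header[8]<<16)|
 (og->header[7]<<8)|og->header[6],
-(og->header[17]<<24)|(og->header[16]<<16)|
+((unsigned)og->header[17]<<24)|(og->header[16]<<16)|
 (og->header[15]<<8)|og->header[14],
-((long)(og->header[21])<<24)|(og->header[20]<<16)|
+((long)((unsigned)og->header[21])<<24)|(og->header[20]<<16)|
 (og->header[19]<<8)|og->header[18]);
 
 fprintf(stderr," checksum: %02x:%02x:%02x:%02x\n segments: %d (",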
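Review bot: In print_header the pageno argument `((long)((unsigned)og->header[21])<<24)` still shifts a signed `long`, because the `(long)` cast is applied before `<<24`. Where `long` is 32 bits, a header byte of 0x80 or above overflows that shift, which is the same undefined behaviour this commit removes elsewhere. Shifting in unsigned arithmetic and converting afterwards avoids it: `(long)((unsigned long)og->header[21]<<24)|(og->header[20]<<16)|`. The two arguments above it now have type `unsigned` but are still printed with `%d`; `%u`, or a cast of each whole expression back to `int`, would keep the format and argument types matched. print_header starts before this hunk and continues past it.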
