command: fix signed integer overflow in overlay-add#18144
Open
Melodictreacle wants to merge 1 commit into
Open
command: fix signed integer overflow in overlay-add#18144Melodictreacle wants to merge 1 commit into
Melodictreacle wants to merge 1 commit into
Conversation
w is an int and w * 4 was computed in int arithmetic during parameter validation. A large positive w (e.g. 1073741824) passed the w <= 0 check but overflowed when computing w * 4, which is undefined behavior and was reported by UBSan. Reject w > INT_MAX / 4 before the multiplication. Fixes mpv-player#18128
Contributor
|
Could you tell us what told you to contribute to mpv? Is mpv listed in some bounty program or Hacktoberfest-esque program? |
Author
|
i was trying to find an issue which was easier to solve , i am a beginner i found this issue basic , my bad if i did anything wrong , sorry |
Contributor
|
mpv just got a large influx of AI slop (like yours) today so I was curious if it was a coincidence or not. I haven't actually reviewed the changes to tell if it's the right fix or not in this case |
Author
|
i just wrote the commit message with AI , my bad , not gonna try to justify |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #18128.
cmd_overlay_add computed w * 4 in int arithmetic during parameter validation. A large positive w (e.g. 1073741824) passes the w <= 0 check but overflows int when computing w * 4 — undefined behavior, caught by UBSan. This adds a w > INT_MAX / 4 guard before the stride < w * 4 comparison so the multiplication can't overflow; oversized widths now take the existing "inconsistent parameters" error path.
Testing: Built with -Db_sanitize=address,undefined and ran the repro from the issue. Before: UBSan reports signed integer overflow: 1073741824 * 4 cannot be represented in type 'int' at command.c:5434 and aborts. After: mpv prints overlay-add: inconsistent parameters and exits cleanly.