libvisual
libvisual copied to clipboard
Libvisual
Plugin (dancingparticles) - Signed integer overflows
UBSAN spots two signed integer overflows in two places within its beatdetector class.
Found by UBSAN:
dancingparticles/signal.cpp:32:8: runtime error: signed integer overflow: 65408 * 65408 cannot be represented in type 'int'
dancingparticles/signal.cpp:33:8: runtime error: signed integer overflow: 47316 * 47316 cannot be represented in type 'int'
In beatdetector::beatdetector():
for(int i=0;i<NUM_BANDS;i++)
{
uint16_t f = i<128 ? (i-128) :0; // <--- f underflows to produce a large unsigned number when i < 128
f = f*f/100; // <--- overflow #1
f = f*f/30; // <--- overflow #2
filter[i] =f;
// cout << f<<endl;
filterpower+=f;
}
There is an identical issue in beatdetector::learnbeat().
