[totem-pl-parser] plparse: Fix potential integer overflow when parsing long durations

From: Philip Withnall <pwithnall src gnome org>
To: commits-list gnome org
Cc:
Subject: [totem-pl-parser] plparse: Fix potential integer overflow when parsing long durations
Date: Mon, 19 May 2014 11:27:46 +0000 (UTC)

commit 4707e16049b2fe24a07aa093ec1f4c062f0a6cf7
Author: Philip Withnall <philip withnall collabora co uk>
Date:   Mon May 19 10:42:06 2014 +0100

    plparse: Fix potential integer overflow when parsing long durations
    
    If a duration legitimately specifies a huge number of hours, there is
    the potential for an integer overflow when converting to seconds.
    
    Coverity issue: #60480
    
    https://bugzilla.gnome.org/show_bug.cgi?id=730361

 plparse/totem-pl-parser.c |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)
---
diff --git a/plparse/totem-pl-parser.c b/plparse/totem-pl-parser.c
index fc3cd15..cb1429b 100644
--- a/plparse/totem-pl-parser.c
+++ b/plparse/totem-pl-parser.c
@@ -2265,7 +2265,7 @@ totem_pl_parser_parse_duration (const char *duration, gboolean debug)
 
        /* Formats used by both ASX and RAM files */
        if (sscanf (duration, "%d:%d:%d.%d", &hours, &minutes, &seconds, &fractions) == 4) {
-               gint64 ret = hours * 3600 + minutes * 60 + seconds;
+               gint64 ret = (gint64) hours * 3600 + (gint64) minutes * 60 + seconds;
                if (ret == 0 && fractions > 0) {
                        D(g_print ("Used 00:00:00.00 format, with fractions rounding\n"));
                        ret = 1;
@@ -2276,7 +2276,7 @@ totem_pl_parser_parse_duration (const char *duration, gboolean debug)
        }
        if (sscanf (duration, "%d:%d:%d", &hours, &minutes, &seconds) == 3) {
                D(g_print ("Used 00:00:00 format\n"));
-               return hours * 3600 + minutes * 60 + seconds;
+               return (gint64) hours * 3600 + (gint64) minutes * 60 + seconds;
        }
        if (sscanf (duration, "%d:%d.%d", &minutes, &seconds, &fractions) == 3) {
                gint64 ret = minutes * 60 + seconds;
@@ -2290,16 +2290,16 @@ totem_pl_parser_parse_duration (const char *duration, gboolean debug)
        }
        if (sscanf (duration, "%d:%d", &minutes, &seconds) == 2) {
                D(g_print ("Used 00:00 format\n"));
-               return minutes * 60 + seconds;
+               return (gint64) minutes * 60 + seconds;
        }
        if (sscanf (duration, "%d.%d", &minutes, &seconds) == 2) {
                D(g_print ("Used broken float format (00.00)\n"));
-               return minutes * 60 + seconds;
+               return (gint64) minutes * 60 + seconds;
        }
        /* YouTube format */
        if (sscanf (duration, "%dm%ds", &minutes, &seconds) == 2) {
                D(g_print ("Used YouTube format\n"));
-               return minutes * 60 + seconds;
+               return (gint64) minutes * 60 + seconds;
        }
        /* PLS files format */
        if (sscanf (duration, "%d", &seconds) == 1) {

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]