changeset: 102404:d6a86018ab33 user: Martin Panter date: Tue Jul 19 03:05:42 2016 +0000 files: Misc/NEWS Modules/audioop.c description: Issue #1621: Avoid signed int negation overflow in audioop
diff -r e0761e817deb -r d6a86018ab33 Misc/NEWS
--- a/Misc/NEWS Tue Jul 19 02:50:51 2016 +0000
+++ b/Misc/NEWS Tue Jul 19 03:05:42 2016 +0000
@@ -26,6 +26,8 @@
 Library
 -------
 
+- Issue #1621: Avoid signed int negation overflow in the "audioop" module.
+
 - Issue #27533: Release GIL in nt._isdir
 
 - Issue #17711: Fixed unpickling by the persistent ID with protocol 0.
diff -r e0761e817deb -r d6a86018ab33 Modules/audioop.c
--- a/Modules/audioop.c Tue Jul 19 02:50:51 2016 +0000
+++ b/Modules/audioop.c Tue Jul 19 03:05:42 2016 +0000
@@ -446,7 +446,9 @@
 return NULL;
 for (i = 0; i < fragment->len; i += width) {
 int val = GETRAWSAMPLE(width, fragment->buf, i);
- if (val < 0) absval = (-val);
+ /* Cast to unsigned before negating. Unsigned overflow is well-
+ defined, but signed overflow is not. */
+ if (val < 0) absval = -(unsigned int)val;
 else absval = val;
 if (absval > max) max = absval;
 }
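Review bot: The new `-(unsigned int)val` in the sample loop is only correct if `absval` and `max` are declared unsigned, and those declarations sit outside this hunk, so they should be confirmed. With a signed `absval`, the value produced for the most negative `int` sample would convert back in an implementation-defined way. The files list names only Misc/NEWS and Modules/audioop.c, so no regression test pins the fix. A test that feeds a fragment whose sample is the most negative `int` and expects the maximum to be 2**31 (assuming a 32-bit `int`) would keep the undefined negation from returning on attacker-supplied audio data. The comment would also be more precise as `/* Negate as unsigned: the result wraps modulo 2**N, whereas negating INT_MIN as a signed int is undefined. */`, since unsigned arithmetic wraps rather than overflows.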