From: Antonio Larrosa <larrosa@kde.org>
Date: Mon, 6 Mar 2017 13:54:52 +0100
Subject: Check for multiplication overflow in sfconvert

Checks that a multiplication doesn't overflow when
calculating the buffer size, and if it overflows,
reduce the buffer size instead of failing.

This fixes the 00192-audiofile-signintoverflow-sfconvert case
in #41
---
 sfcommands/sfconvert.c | 34 ++++++++++++++++++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)

diff --git a/sfcommands/sfconvert.c b/sfcommands/sfconvert.c
index 80a1bc4..970a3e4 100644
--- a/sfcommands/sfconvert.c
+++ b/sfcommands/sfconvert.c
@@ -45,6 +45,33 @@ void printusage (void);
 void usageerror (void);
 bool copyaudiodata (AFfilehandle infile, AFfilehandle outfile, int trackid);
 
+int firstBitSet(int x)
+{
+        int position=0;
+        while (x!=0)
+        {
+                x>>=1;
+                ++position;
+        }
+        return position;
+}
+
+#ifndef __has_builtin
+#define __has_builtin(x) 0
+#endif
+
+int multiplyCheckOverflow(int a, int b, int *result)
+{
+#if (defined __GNUC__ && __GNUC__ >= 5) || ( __clang__ && __has_builtin(__builtin_mul_overflow))
+	return __builtin_mul_overflow(a, b, result);
+#else
+	if (firstBitSet(a)+firstBitSet(b)>31) // int is signed, so we can't use 32 bits
+		return true;
+	*result = a * b;
+	return false;
+#endif
+}
+
 int main (int argc, char **argv)
 {
 	if (argc == 2)
@@ -323,8 +350,11 @@ bool copyaudiodata (AFfilehandle infile, AFfilehandle outfile, int trackid)
 {
 	int frameSize = afGetVirtualFrameSize(infile, trackid, 1);
 
-	const int kBufferFrameCount = 65536;
-	void *buffer = malloc(kBufferFrameCount * frameSize);
+	int kBufferFrameCount = 65536;
+	int bufferSize;
+	while (multiplyCheckOverflow(kBufferFrameCount, frameSize, &bufferSize))
+		kBufferFrameCount /= 2;
+	void *buffer = malloc(bufferSize);
 
 	AFframecount totalFrames = afGetFrameCount(infile, AF_DEFAULT_TRACK);
 	AFframecount totalFramesWritten = 0;
ut type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=f8b7320ab22a9df2450b338d5755ae4ae1e281c6'>root</a>/<a href='/guix/log/gnu?id=f8b7320ab22a9df2450b338d5755ae4ae1e281c6'>gnu</a>/<a href='/guix/log/gnu/build?id=f8b7320ab22a9df2450b338d5755ae4ae1e281c6'>build</a>/<a href='/guix/log/gnu/build/linux-modules.scm?id=f8b7320ab22a9df2450b338d5755ae4ae1e281c6'>linux-modules.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/build/linux-modules.scm?id=f8b7320ab22a9df2450b338d5755ae4ae1e281c6&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2021-12-16 12:53:52 -0500'>2021-12-16</span></td><td><a href='/guix/commit/gnu/build/linux-modules.scm?id=13f13554433c9dd47503131107dfbdd8a8031832'>linux-modules: Ignore EINVAL in ‘modprobe’ mode.</a><span class='msg-avail'>...<span class='msg-tooltip'>Loading the framebuffer-coreboot module simply fails with EINVAL on a
non-Corebooted system.  Crashing the system with a kernel panic is not
a reasonable reaction to loading valid modules on unsupported hardware.
The kernel should log an error, which the user is expected to see.

Bogus module names will still be fatally reported by linux-modules.drv.

* gnu/build/linux-modules.scm (load-linux-module*):
Ignore EINVAL errors when operating recursively.
</span></span></td><td>Tobias Geerinckx-Rice via Guix-patches via</td></tr>