From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:36791)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pm215@archaic.org.uk>) id 1QRTBA-0000oF-UT
	for qemu-devel@nongnu.org; Tue, 31 May 2011 13:56:37 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pm215@archaic.org.uk>) id 1QRTB8-0001AC-Ky
	for qemu-devel@nongnu.org; Tue, 31 May 2011 13:56:32 -0400
Received: from mnementh.archaic.org.uk ([81.2.115.146]:45752)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pm215@archaic.org.uk>) id 1QRTB8-00019G-8v
	for qemu-devel@nongnu.org; Tue, 31 May 2011 13:56:30 -0400
From: Peter Maydell <peter.maydell@linaro.org>
Date: Tue, 31 May 2011 18:28:58 +0100
Message-Id: <1306862938-13431-1-git-send-email-peter.maydell@linaro.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Subject: [Qemu-devel] [PATCH] audio: fix integer overflow expression
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: =?UTF-8?q?Juha=20Riihim=C3=A4ki?= <juha.riihimaki@nokia.com>, =?UTF-8?q?Andreas=20F=C3=A4rber?= <andreas.faerber@web.de>, patches@linaro.org

From: Juha Riihimäki <juha.riihimaki@nokia.com>

Fix an integer overflow that can happen for signed 32 bit types
when using FLOAT_MIXENG. (Note that at the moment this is only true
when using the MacOSX coreaudio audio driver.)

Signed-off-by: Juha Riihimäki <juha.riihimaki@nokia.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
---
I'm trying to get random patches out of my patch-stack and upstream.
This one looks "obviously correct" but it only kicks in for MacOSX
and coreaudio, and I don't have access to that platform to test myself,
so treat my reviewed-by accordingly.

This has actually been posted here before, last year:
 http://patchwork.ozlabs.org/patch/48703/

 audio/mixeng_template.h |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/audio/mixeng_template.h b/audio/mixeng_template.h
index a2d0ef8..e01da0a 100644
--- a/audio/mixeng_template.h
+++ b/audio/mixeng_template.h
@@ -46,7 +46,7 @@ static mixeng_real inline glue (conv_, ET) (IN_T v)
 #endif
 #else  /* !RECIPROCAL */
 #ifdef SIGNED
-    return nv / (mixeng_real) (IN_MAX - IN_MIN);
+    return nv / (mixeng_real) ((mixeng_real)IN_MAX - (mixeng_real)IN_MIN);
 #else
     return (nv - HALF) / (mixeng_real) IN_MAX;
 #endif
@@ -63,7 +63,7 @@ static IN_T inline glue (clip_, ET) (mixeng_real v)
     }
 
 #ifdef SIGNED
-    return ENDIAN_CONVERT ((IN_T) (v * (IN_MAX - IN_MIN)));
+    return ENDIAN_CONVERT ((IN_T) (v * ((mixeng_real)IN_MAX - (mixeng_real)IN_MIN)));
 #else
     return ENDIAN_CONVERT ((IN_T) ((v * IN_MAX) + HALF));
 #endif
-- 
1.7.1