From 5f67d002a27c8dabfd84fcab4df41e578911fde6 Mon Sep 17 00:00:00 2001 From: Alex Chronopoulos Date: Sun, 4 Dec 2022 17:11:13 +0100 Subject: [PATCH] LibAudio: Prevent int overflow in the user buffer queue The `UserSampleQueue::remaining_samples` calculates the result by subtracting two unsigned int numbers. That can lead to integer overflow. Add an assert to verify that the minuend is greater or equal to the subtrahend. --- Userland/Libraries/LibAudio/UserSampleQueue.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/Userland/Libraries/LibAudio/UserSampleQueue.cpp b/Userland/Libraries/LibAudio/UserSampleQueue.cpp index f58601849a..020cafb8b1 100644 --- a/Userland/Libraries/LibAudio/UserSampleQueue.cpp +++ b/Userland/Libraries/LibAudio/UserSampleQueue.cpp @@ -51,6 +51,7 @@ size_t UserSampleQueue::size() size_t UserSampleQueue::remaining_samples() { Threading::MutexLocker lock(m_sample_mutex); + VERIFY(m_backing_samples.size() >= m_samples_to_discard); return m_backing_samples.size() - m_samples_to_discard; }