From: Martin Panter <vadmium+py@gmail.com>
Date: Tue, 19 Jul 2016 03:05:42 +0000 (+0000)
Subject: Issue #1621: Avoid signed int negation overflow in audioop
X-Git-Tag: v3.6.0a4~148
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6fb90905e2c5e42e19484046757fd098df2c6fcf;p=thirdparty%2FPython%2Fcpython.git

Issue #1621: Avoid signed int negation overflow in audioop
---

diff --git a/Misc/NEWS b/Misc/NEWS
index 621f7e5e595a..911a29ead209 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -26,6 +26,8 @@ Core and Builtins
 Library
 -------
 
+- Issue #1621: Avoid signed int negation overflow in the "audioop" module.
+
 - Issue #27533: Release GIL in nt._isdir
 
 - Issue #17711: Fixed unpickling by the persistent ID with protocol 0.
diff --git a/Modules/audioop.c b/Modules/audioop.c
index 8ca64c6956c6..ed1eca3c1d7a 100644
--- a/Modules/audioop.c
+++ b/Modules/audioop.c
@@ -446,7 +446,9 @@ audioop_max_impl(PyObject *module, Py_buffer *fragment, int width)
         return NULL;
     for (i = 0; i < fragment->len; i += width) {
         int val = GETRAWSAMPLE(width, fragment->buf, i);
-        if (val < 0) absval = (-val);
+        /* Cast to unsigned before negating. Unsigned overflow is well-
+        defined, but signed overflow is not. */
+        if (val < 0) absval = -(unsigned int)val;
         else absval = val;
         if (absval > max) max = absval;
     }