
Make many conversions sampleCount->size_t are explicit and checked...

... with run-time assertions.

I examined each place and reasoned that the narrowing was safe, and commented
why so.

Again, there are places where the sampleCount variable will later be changed
to have a different type, and they are not changed here.
Paul Licameli
2016-08-31 00:49:22 -04:00
parent 78be459fa1
commit 078ff056e2
17 changed files with 220 additions and 77 deletions


@@ -393,8 +393,9 @@ int ODFFmpegDecoder::Decode(SampleBuffer & data, sampleFormat & format, sampleCo
// find the number of samples for the leading silence
// UNSAFE_SAMPLE_COUNT_TRUNCATION
// -- but used only experimentally as of this writing
// Is there a proof size_t will not overflow?
auto amt = actualDecodeStart - start;
// Is there a proof size_t will not overflow size_t?
// Result is surely nonnegative.
auto amt = (actualDecodeStart - start).as_size_t();
auto cache = make_movable<FFMpegDecodeCache>();
//printf("skipping/zeroing %i samples. - now:%llu (%f), last:%llu, lastlen:%llu, start %llu, len %llu\n",amt,actualDecodeStart, actualDecodeStartdouble, mCurrentPos, mCurrentLen, start, len);
@@ -513,14 +514,19 @@ int ODFFmpegDecoder::FillDataFromCache(samplePtr & data, sampleFormat outFormat,
auto nChannels = mDecodeCache[i]->numChannels;
auto samplesHit = (
// Proof that the result is never negative: consider four cases
// of FFMIN and FFMAX choices, and use the if-condition enclosing.
// The result is not more than len.
FFMIN(start+len,mDecodeCache[i]->start+mDecodeCache[i]->len)
- FFMAX(mDecodeCache[i]->start,start)
);
- FFMAX(mDecodeCache[i]->start, start)
).as_size_t();
//find the start of the hit relative to the cache buffer start.
// UNSAFE_SAMPLE_COUNT_TRUNCATION
// -- but used only experimentally as of this writing
// Is there a proof size_t will not overflow?
const auto hitStartInCache = FFMAX(sampleCount{0},start-mDecodeCache[i]->start);
const auto hitStartInCache =
// result is less than mDecodeCache[i]->len:
FFMAX(sampleCount{0},start-mDecodeCache[i]->start).as_size_t();
//we also need to find out which end was hit - if it is the tail only we need to update from a later index.
const auto hitStartInRequest = start < mDecodeCache[i]->start
? len - samplesHit : sampleCount{ 0 };
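Review bot: In Decode the new comment above `(actualDecodeStart - start).as_size_t()` still asks `Is there a proof size_t will not overflow size_t?`, so this narrowing is asserted rather than shown safe, and the `UNSAFE_SAMPLE_COUNT_TRUNCATION` marker stays in place beside it. `Result is surely nonnegative` depends on `actualDecodeStart >= start`, which the visible lines do not establish; Decode's body starts and ends outside the hunk. The commit message describes the check as a run-time assertion, so if assertions are disabled in release builds (not visible here) an out-of-range difference would be truncated silently before `amt` is used as the leading-silence sample count. I would replace the open question with the actual bound and where it comes from, for example `// 0 <= amt <= len: <invariant and where it is enforced>`, or clamp the value against `len` before converting. The same mismatch appears in FillDataFromCache, where the retained `Is there a proof size_t will not overflow?` sits directly above `hitStartInCache` and its new comment `result is less than mDecodeCache[i]->len`; one of the two should go, and the bound should name the enclosing if-condition it relies on.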