Hi, On Sat, May 09, 2026 at 05:39:40PM +0300, Adrian Bunk wrote: > +@@ -34,18 +34,30 @@ kiss_fftndr_cfg kiss_fftndr_alloc(const int *dims,int > ndims,int inverse_fft,void > + kiss_fftndr_cfg st = NULL; > + size_t nr=0 , nd=0,ntmp=0; > + int dimReal = dims[ndims-1]; > +- int dimOther = prod(dims,ndims-1); > ++ size_t dimOther = prod(dims,ndims-1); > + size_t memneeded; > + char * ptr = NULL; > ++ int k,check; > + > + (void)kiss_fftr_alloc(dimReal,inverse_fft,NULL,&nr); > + (void)kiss_fftnd_alloc(dims,ndims-1,inverse_fft,NULL,&nd); > + ntmp = > + MAX( 2*dimOther , dimReal+2) * sizeof(kiss_fft_scalar) // freq > buffer for one pass > +- + dimOther*(dimReal+2) * sizeof(kiss_fft_scalar); // large enough > to hold entire input in case of in-place > ++ + dimOther*(size_t)(dimReal+2) * sizeof(kiss_fft_scalar); // large > enough to hold entire input in case of in-place > + > + memneeded = KISS_FFT_ALIGN_SIZE_UP(sizeof( struct kiss_fftndr_state )) > + KISS_FFT_ALIGN_SIZE_UP(nr) + KISS_FFT_ALIGN_SIZE_UP(nd) + > KISS_FFT_ALIGN_SIZE_UP(ntmp); > + > ++ /* check for overflow */ > ++ check = memneeded;
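Review bot: In the added overflow check at the end of the hunk, `check = memneeded;` stores a size_t in an int, so any memneeded above INT_MAX is converted in an implementation-defined way. A wrap that has already happened in the size_t arithmetic for ntmp or memneeded also cannot be detected from the result. The rest of the check is cut off in this quote, but comparing against a narrowed copy is fragile. Suggest validating each step before it is performed, for example rejecting the request when dimOther > SIZE_MAX / (size_t)(dimReal+2), and returning NULL on failure. Two related points in the same hunk: `size_t dimOther = prod(dims,ndims-1);` only widens the result, so if prod() computes in int the product can overflow before the assignment; and `dimReal+2` is still evaluated in int before the `(size_t)` cast and inside `MAX( 2*dimOther , dimReal+2)`, where it is now compared with a size_t.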
Not being familiar with the codebase I very much could be wrong, but as check is int and memneeded is size_t could it get truncated or wrapped on large values?

-- 
Jonathan Wiltshire [email protected]
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

