On Sun, May 10, 2026 at 07:25:21PM +0100, Jonathan Wiltshire wrote: > Hi, > > On Sat, May 09, 2026 at 05:39:40PM +0300, Adrian Bunk wrote: > > +@@ -34,18 +34,30 @@ kiss_fftndr_cfg kiss_fftndr_alloc(const int *dims,int > > ndims,int inverse_fft,void > > + kiss_fftndr_cfg st = NULL; > > + size_t nr=0 , nd=0,ntmp=0; > > + int dimReal = dims[ndims-1]; > > +- int dimOther = prod(dims,ndims-1); > > ++ size_t dimOther = prod(dims,ndims-1); > > + size_t memneeded; > > + char * ptr = NULL; > > ++ int k,check; > > + > > + (void)kiss_fftr_alloc(dimReal,inverse_fft,NULL,&nr); > > + (void)kiss_fftnd_alloc(dims,ndims-1,inverse_fft,NULL,&nd); > > + ntmp = > > + MAX( 2*dimOther , dimReal+2) * sizeof(kiss_fft_scalar) // freq > > buffer for one pass > > +- + dimOther*(dimReal+2) * sizeof(kiss_fft_scalar); // large > > enough to hold entire input in case of in-place > > ++ + dimOther*(size_t)(dimReal+2) * sizeof(kiss_fft_scalar); // > > large enough to hold entire input in case of in-place > > + > > + memneeded = KISS_FFT_ALIGN_SIZE_UP(sizeof( struct kiss_fftndr_state > > )) + KISS_FFT_ALIGN_SIZE_UP(nr) + KISS_FFT_ALIGN_SIZE_UP(nd) + > > KISS_FFT_ALIGN_SIZE_UP(ntmp); > > + > > ++ /* check for overflow */ > > ++ check = memneeded; > > Not being familiar with the codebase I very much could be wrong, but as > check is int and memneeded is size_t could it get truncated or wrapped on > large values?
Good catch, I'll ask upstream about it. check is only used for checking whether memneeded is big enough, my reading of the code is that the impact might be rejecting valid very large input. cu Adrian
