Join GitHub today
Integer overflow in handling of -l (length) and -D (delay) parameter #13
beep contains integer overflows in the handling of the length and delay parameters.
To test compile beep with ubsan:
The problem is that the value is multiplied by 1000. Integer overflows are undefined behavior and can thus lead to unpredictable outcome due to compiler optimizations.
This could be made safe by using unsigned variables. They could still overflow, but would "just" wrap around and lead to different values being used. Alternatively of course the inputs could be capped to values that can safely be multiplied within the size of an integer.