From 8ef50016befd8e684866a84c09dd0460d379e2ee Mon Sep 17 00:00:00 2001
From: wm4 <wm4@nowhere>
Date: Tue, 8 Aug 2017 14:11:58 +0200
Subject: player: fix --end with large values

Causea a simple integer overflow.

Fixes #4650.
---
 player/audio.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'player')

diff --git a/player/audio.c b/player/audio.c
index 7a29b110ae..d1e4c83a9a 100644
--- a/player/audio.c
+++ b/player/audio.c
@@ -800,8 +800,11 @@ static bool copy_output(struct MPContext *mpctx, struct mp_audio_buffer *outbuf,
         if (endpts != MP_NOPTS_VALUE) {
             double rate = afs->output.rate / mpctx->audio_speed;
             double curpts = written_audio_pts(mpctx);
-            if (curpts != MP_NOPTS_VALUE)
-                maxsamples = (endpts - curpts - mpctx->opts->audio_delay) * rate;
+            if (curpts != MP_NOPTS_VALUE) {
+                double remaining =
+                    (endpts - curpts - mpctx->opts->audio_delay) * rate;
+                maxsamples = MPCLAMP(remaining, 0, INT_MAX);
+            }
         }
 
         struct mp_audio *mpa = af_read_output_frame(afs);
-- 
cgit v1.2.3