From d47ecef1b561322872437368edbfff69dc5ad0bd Mon Sep 17 00:00:00 2001
From: Romain Vimont <rom@rom1v.com>
Date: Thu, 1 Feb 2024 17:27:14 +0100
Subject: [PATCH] Limit buffering time value

This avoids unreasonable values which could lead to integer overflow.

PR #4572 <https://github.com/Genymobile/scrcpy/pull/4572>
---
 app/src/cli.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/app/src/cli.c b/app/src/cli.c
index f7d7e390..b2b02ecd 100644
--- a/app/src/cli.c
+++ b/app/src/cli.c
@@ -1385,7 +1385,11 @@ parse_max_fps(const char *s, uint16_t *max_fps) {
 static bool
 parse_buffering_time(const char *s, sc_tick *tick) {
     long value;
-    bool ok = parse_integer_arg(s, &value, false, 0, 0x7FFFFFFF,
+    // In practice, buffering time should not exceed a few seconds.
+    // Limit it to some arbitrary value (1 hour) to prevent 32-bit overflow
+    // when multiplied by the audio sample size and the number of samples per
+    // millisecond.
+    bool ok = parse_integer_arg(s, &value, false, 0, 60 * 60 * 1000,
                                 "buffering time");
     if (!ok) {
         return false;