CVE-2018-10393.patch 696 Bytes
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
From 018ca26dece618457dd13585cad52941193c4a25 Mon Sep 17 00:00:00 2001
From: Thomas Daede <daede003@umn.edu>
Date: Wed, 9 May 2018 14:56:59 -0700
Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates.

---
 lib/psy.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/psy.c b/lib/psy.c
index 422c6f1e..13101230 100644
--- a/lib/psy.c
+++ b/lib/psy.c
@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b,
   for (i = 0, x = 0.f;; i++, x += 1.f) {
 
     lo = b[i] >> 16;
-    if( lo>=0 ) break;
     hi = b[i] & 0xffff;
+    if( lo>=0 ) break;
+    if( hi>=n ) break;
 
     tN = N[hi] + N[-lo];
     tX = X[hi] - X[-lo];
-- 
2.18.0