File vorbis-CVE-2017-14160.patch of Package libvorbis.7353

From 98a60969315dba8c1e8231f561e1551670bc80ae Mon Sep 17 00:00:00 2001
Message-Id: <98a60969315dba8c1e8231f561e1551670bc80ae.1511192857.git.agx@sigxcpu.org>
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
Date: Wed, 15 Nov 2017 13:12:00 +0100
Subject: [PATCH] CVE-2017-14160: make sure we don't overflow

---
 lib/psy.c |    9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

--- a/lib/psy.c
+++ b/lib/psy.c
@@ -600,7 +600,7 @@ static void bark_noise_hybridmp(int n,co
     XY[i] = tXY;
   }
 
-  for (i = 0, x = 0.f;; i++, x += 1.f) {
+  for (i = 0, x = 0.f; i < n; i++, x += 1.f) {
 
     lo = b[i] >> 16;
     if( lo>=0 ) break;
@@ -622,12 +622,11 @@ static void bark_noise_hybridmp(int n,co
     noise[i] = R - offset;
   }
 
-  for ( ;; i++, x += 1.f) {
+  for ( ; i < n; i++, x += 1.f) {
 
     lo = b[i] >> 16;
     hi = b[i] & 0xffff;
     if(hi>=n)break;
-
     tN = N[hi] - N[lo];
     tX = X[hi] - X[lo];
     tXX = XX[hi] - XX[lo];
@@ -652,7 +651,7 @@ static void bark_noise_hybridmp(int n,co
 
   if (fixed <= 0) return;
 
-  for (i = 0, x = 0.f;; i++, x += 1.f) {
+  for (i = 0, x = 0.f; i < n; i++, x += 1.f) {
     hi = i + fixed / 2;
     lo = hi - fixed;
     if(lo>=0)break;
@@ -671,7 +670,7 @@ static void bark_noise_hybridmp(int n,co
 
     if (R - offset < noise[i]) noise[i] = R - offset;
   }
-  for ( ;; i++, x += 1.f) {
+  for ( ; i < n; i++, x += 1.f) {
 
     hi = i + fixed / 2;
     lo = hi - fixed;
openSUSE Build Service is sponsored by