File libsndfile-CVE-2017-17457-ulaw-range-check.patch of Package libsndfile-progs
---
src/ulaw.c | 36 ++++++++++++++++++++++++++++--------
1 file changed, 28 insertions(+), 8 deletions(-)
--- a/src/ulaw.c
+++ b/src/ulaw.c
@@ -837,20 +837,40 @@ i2ulaw_array (const int *ptr, int count,
static inline void
f2ulaw_array (const float *ptr, int count, unsigned char *buffer, float normfact)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
- buffer [count] = ulaw_encode [lrintf (normfact * ptr [count])] ;
- else
- buffer [count] = 0x7F & ulaw_encode [- lrintf (normfact * ptr [count])] ;
+ { int idx;
+ if (isnan (ptr [count])) {
+ buffer [count] = ulaw_encode [0];
+ } else if (ptr [count] >= 0) {
+ idx = lrint (normfact * ptr [count]);
+ if (idx > 8192)
+ idx = 8192;
+ buffer [count] = ulaw_encode [idx] ;
+ } else {
+ idx = -lrint (normfact * ptr [count]) ;
+ if (idx > 8192)
+ idx = 8192;
+ buffer [count] = 0x7F & ulaw_encode [idx] ;
+ }
} ;
} /* f2ulaw_array */
static inline void
d2ulaw_array (const double *ptr, int count, unsigned char *buffer, double normfact)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
- buffer [count] = ulaw_encode [lrint (normfact * ptr [count])] ;
- else
- buffer [count] = 0x7F & ulaw_encode [- lrint (normfact * ptr [count])] ;
+ { int idx;
+ if (isnan (ptr [count])) {
+ buffer [count] = ulaw_encode [0];
+ } else if (ptr [count] >= 0) {
+ idx = lrint (normfact * ptr [count]);
+ if (idx > 8192)
+ idx = 8192;
+ buffer [count] = ulaw_encode [idx] ;
+ } else {
+ idx = -lrint (normfact * ptr [count]) ;
+ if (idx > 8192)
+ idx = 8192;
+ buffer [count] = 0x7F & ulaw_encode [idx] ;
+ }
} ;
} /* d2ulaw_array */