File libsndfile-CVE-2017-17457-ulaw-range-check.patch of Package libsndfile.7696

Overview Repositories Revisions Requests Users Attributes Meta

File libsndfile-CVE-2017-17457-ulaw-range-check.patch of Package libsndfile.7696

---
 src/ulaw.c |   36 ++++++++++++++++++++++++++++--------
 1 file changed, 28 insertions(+), 8 deletions(-)

--- a/src/ulaw.c
+++ b/src/ulaw.c
@@ -837,20 +837,40 @@ i2ulaw_array (const int *ptr, int count,
 static inline void
 f2ulaw_array (const float *ptr, int count, unsigned char *buffer, float normfact)
 {	while (--count >= 0)
-	{	if (ptr [count] >= 0)
-			buffer [count] = ulaw_encode [lrintf (normfact * ptr [count])] ;
-		else
-			buffer [count] = 0x7F & ulaw_encode [- lrintf (normfact * ptr [count])] ;
+	{	int idx;
+		if (isnan (ptr [count])) {
+			buffer [count] = ulaw_encode [0];
+		} else if (ptr [count] >= 0) {
+			idx = lrint (normfact * ptr [count]);
+			if (idx > 8192)
+				idx = 8192;
+			buffer [count] = ulaw_encode [idx] ;
+		} else {
+			idx = -lrint (normfact * ptr [count]) ;
+			if (idx > 8192)
+				idx = 8192;
+			buffer [count] = 0x7F & ulaw_encode [idx] ;
+			}
 		} ;
 } /* f2ulaw_array */
 
 static inline void
 d2ulaw_array (const double *ptr, int count, unsigned char *buffer, double normfact)
 {	while (--count >= 0)
-	{	if (ptr [count] >= 0)
-			buffer [count] = ulaw_encode [lrint (normfact * ptr [count])] ;
-		else
-			buffer [count] = 0x7F & ulaw_encode [- lrint (normfact * ptr [count])] ;
+	{	int idx;
+		if (isnan (ptr [count])) {
+			buffer [count] = ulaw_encode [0];
+		} else if (ptr [count] >= 0) {
+			idx = lrint (normfact * ptr [count]);
+			if (idx > 8192)
+				idx = 8192;
+			buffer [count] = ulaw_encode [idx] ;
+		} else {
+			idx = -lrint (normfact * ptr [count]) ;
+			if (idx > 8192)
+				idx = 8192;
+			buffer [count] = 0x7F & ulaw_encode [idx] ;
+			}
 		} ;
 } /* d2ulaw_array */

Places

File libsndfile-CVE-2017-17457-ulaw-range-check.patch of Package libsndfile.7696

Places