Overview

File libsndfile-CVE-2017-17456-alaw-range-check.patch of Package libsndfile.9561

---
 src/alaw.c |   36 ++++++++++++++++++++++++++++--------
 1 file changed, 28 insertions(+), 8 deletions(-)

--- a/src/alaw.c
+++ b/src/alaw.c
@@ -336,20 +336,40 @@ i2alaw_array (const int *ptr, int count,
 static inline void
 f2alaw_array (const float *ptr, int count, unsigned char *buffer, float normfact)
 {	while (--count >= 0)
-	{	if (ptr [count] >= 0)
-			buffer [count] = alaw_encode [lrintf (normfact * ptr [count])] ;
-		else
-			buffer [count] = 0x7F & alaw_encode [- lrintf (normfact * ptr [count])] ;
+	{	int idx;
+		if (isnan (ptr [count])) {
+			buffer [count] = alaw_encode [0] ;
+		} else if (ptr [count] >= 0) {
+			idx = lrintf (normfact * ptr [count]) ;
+			if (idx > 2048)
+				idx = 2048;
+			buffer [count] = alaw_encode [idx] ;
+		} else {
+			idx = -lrintf (normfact * ptr [count]) ;
+			if (idx > 2048)
+				idx = 2048 ;
+			buffer [count] = 0x7F & alaw_encode [idx] ;
+			}
 		} ;
 } /* f2alaw_array */
 
 static inline void
 d2alaw_array (const double *ptr, int count, unsigned char *buffer, double normfact)
 {	while (--count >= 0)
-	{	if (ptr [count] >= 0)
-			buffer [count] = alaw_encode [lrint (normfact * ptr [count])] ;
-		else
-			buffer [count] = 0x7F & alaw_encode [- lrint (normfact * ptr [count])] ;
+	{	int idx;
+		if (isnan (ptr [count])) {
+			buffer [count] = alaw_encode [0] ;
+		} else if (ptr [count] >= 0) {
+			idx = lrintf (normfact * ptr [count]) ;
+			if (idx > 2048)
+				idx = 2048;
+			buffer [count] = alaw_encode [idx] ;
+		} else {
+			idx = -lrintf (normfact * ptr [count]) ;
+			if (idx > 2048)
+				idx = 2048 ;
+			buffer [count] = 0x7F & alaw_encode [idx] ;
+			}
 		} ;
 } /* d2alaw_array */
openSUSE Build Service is sponsored by
Places