Overview

File vorbis-CVE-2018-10393.patch of Package libvorbis

---
 lib/psy.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/lib/psy.c
+++ b/lib/psy.c
@@ -604,6 +604,7 @@ static void bark_noise_hybridmp(int n,co
     lo = b[i] >> 16;
     if( lo>=0 ) break;
     hi = b[i] & 0xffff;
+    if( hi>=n || -lo >=n ) break;
 
     tN = N[hi] + N[-lo];
     tX = X[hi] - X[-lo];
@@ -625,7 +626,7 @@ static void bark_noise_hybridmp(int n,co
 
     lo = b[i] >> 16;
     hi = b[i] & 0xffff;
-    if(hi>=n)break;
+    if( hi>=n || lo >=n ) break;
     tN = N[hi] - N[lo];
     tX = X[hi] - X[lo];
     tXX = XX[hi] - XX[lo];
@@ -654,6 +655,7 @@ static void bark_noise_hybridmp(int n,co
     hi = i + fixed / 2;
     lo = hi - fixed;
     if(lo>=0)break;
+    if( hi>=n || -lo >=n ) break;
 
     tN = N[hi] + N[-lo];
     tX = X[hi] - X[-lo];
@@ -674,6 +676,7 @@ static void bark_noise_hybridmp(int n,co
     hi = i + fixed / 2;
     lo = hi - fixed;
     if(hi>=n)break;
+    if( hi>=n || lo >=n ) break;
 
     tN = N[hi] - N[lo];
     tX = X[hi] - X[lo];
openSUSE Build Service is sponsored by
Places