File vorbis-CVE-2018-10393.patch of Package libvorbis.openSUSE_Leap_42.3_Update
---
lib/psy.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/lib/psy.c
+++ b/lib/psy.c
@@ -605,6 +605,7 @@ static void bark_noise_hybridmp(int n,co
lo = b[i] >> 16;
if( lo>=0 ) break;
hi = b[i] & 0xffff;
+ if( hi>=n || -lo >=n ) break;
tN = N[hi] + N[-lo];
tX = X[hi] - X[-lo];
@@ -626,7 +627,7 @@ static void bark_noise_hybridmp(int n,co
lo = b[i] >> 16;
hi = b[i] & 0xffff;
- if(hi>=n)break;
+ if( hi>=n || lo >=n ) break;
tN = N[hi] - N[lo];
tX = X[hi] - X[lo];
tXX = XX[hi] - XX[lo];
@@ -655,6 +656,7 @@ static void bark_noise_hybridmp(int n,co
hi = i + fixed / 2;
lo = hi - fixed;
if(lo>=0)break;
+ if( hi>=n || -lo >=n ) break;
tN = N[hi] + N[-lo];
tX = X[hi] - X[-lo];
@@ -675,6 +677,7 @@ static void bark_noise_hybridmp(int n,co
hi = i + fixed / 2;
lo = hi - fixed;
if(hi>=n)break;
+ if( hi>=n || lo >=n ) break;
tN = N[hi] - N[lo];
tX = X[hi] - X[lo];