    1 From 98a60969315dba8c1e8231f561e1551670bc80ae Mon Sep 17 00:00:00 2001
    2 Message-Id: <98a60969315dba8c1e8231f561e1551670bc80ae.1511192857.git.agx@sigxcpu.org>
    3 From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
    4 Date: Wed, 15 Nov 2017 13:12:00 +0100
    5 Subject: [PATCH] CVE-2017-14160: make sure we don't overflow
    6 
    7 ---
    8  lib/psy.c | 9 ++++-----
    9  1 file changed, 4 insertions(+), 5 deletions(-)
   10 
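--- a/lib/psy.c
+++ b/lib/psy.c
@@ -599,7 +599,7 @@ static void bark_noise_hybridmp(int n,const long *b,
     XY[i] = tXY;
   }
 
-  for (i = 0, x = 0.f;; i++, x += 1.f) {
+  for (i = 0, x = 0.f; i < n; i++, x += 1.f) {
 
     lo = b[i] >> 16;
     if( lo>=0 ) break;
@@ -621,12 +621,11 @@ static void bark_noise_hybridmp(int n,const long *b,
     noise[i] = R - offset;
   }
 
-  for ( ;; i++, x += 1.f) {
+  for ( ; i < n; i++, x += 1.f) {
 
     lo = b[i] >> 16;
     hi = b[i] & 0xffff;
     if(hi>=n)break;
-
     tN = N[hi] - N[lo];
     tX = X[hi] - X[lo];
     tXX = XX[hi] - XX[lo];
@@ -651,7 +650,7 @@ static void bark_noise_hybridmp(int n,const long *b,
 
   if (fixed <= 0) return;
 
-  for (i = 0, x = 0.f;; i++, x += 1.f) {
+  for (i = 0, x = 0.f; i < n; i++, x += 1.f) {
     hi = i + fixed / 2;
     lo = hi - fixed;
     if(lo>=0)break;
@@ -670,7 +669,7 @@ static void bark_noise_hybridmp(int n,const long *b,
 
     if (R - offset < noise[i]) noise[i] = R - offset;
   }
-  for ( ;; i++, x += 1.f) {
+  for ( ; i < n; i++, x += 1.f) {
 
     hi = i + fixed / 2;
     lo = hi - fixed;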
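Review bot: In the second loop (hunk at old line 621) `lo` is still used as an array index without any range check: the only guard left before `N[hi] - N[lo]`, `X[hi] - X[lo]` and `XX[hi] - XX[lo]` is `if(hi>=n)break;`. `hi` is masked with `0xffff` and cannot be negative, but `lo = b[i] >> 16` is a signed value taken straight from `b[]`, and nothing visible in these hunks establishes `0 <= lo <= hi` for the entries this loop reads. The added `i < n` condition limits which `b[i]` are read (assuming `b[]` holds n entries), not what those entries contain. If the caller guarantees the invariant, state it above the loop, e.g. `/* entries here pack lo<<16 | hi with 0 <= lo <= hi; only hi can reach n */`; otherwise widen the guard to `if(lo<0 || lo>hi || hi>=n)break;`. The body of bark_noise_hybridmp starts and ends outside these hunks, so an earlier check on `b[]` may exist that is not shown.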
   56 -- 
   57 2.15.0
