From 0bf7282f585c6731766a460719ddf9355e07d620 Mon Sep 17 00:00:00 2001 From: Martijn van Beurden Date: Tue, 23 Aug 2022 19:40:35 +0200 Subject: Protect window functions from NaN Credit: oss-fuzz Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47747
---
 src/libFLAC/window.c | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) (limited to 'src')
diff --git a/src/libFLAC/window.c b/src/libFLAC/window.c
index b0eccee9..4ee6f79d 100644
--- a/src/libFLAC/window.c
+++ b/src/libFLAC/window.c
@@ -122,9 +122,15 @@ void FLAC__window_gauss(FLAC__real *window, const FLAC__int32 L, const FLAC__rea
 const double N2 = (double)N / 2.;
 FLAC__int32 n;
- for (n = 0; n <= N; n++) {
- const double k = ((double)n - N2) / (stddev * N2);
- window[n] = (FLAC__real)exp(-0.5f * k * k);
+ if(!(stddev > 0.0f && stddev <= 0.5f))
+ /* stddev is not between 0 and 0.5, might be NaN.
+ * Default to 0.5 */
+ FLAC__window_gauss(window, L, 0.25f);
+ else {
+ for (n = 0; n <= N; n++) {
+ const double k = ((double)n - N2) / (stddev * N2);
+ window[n] = (FLAC__real)exp(-0.5f * k * k);
+ }
 }
 }
@@ -196,6 +202,10 @@ void FLAC__window_tukey(FLAC__real *window, const FLAC__int32 L, const FLAC__rea
 FLAC__window_rectangle(window, L);
 else if (p >= 1.0)
 FLAC__window_hann(window, L);
+ else if (!(p > 0.0f && p < 1.0f))
+ /* p is not between 0 and 1, probably NaN.
+ * Default to 0.5 */
+ FLAC__window_tukey(window, L, 0.5f);
 else {
 const FLAC__int32 Np = (FLAC__int32)(p / 2.0f * L) - 1;
 FLAC__int32 n;
@@ -222,6 +232,10 @@ void FLAC__window_partial_tukey(FLAC__real *window, const FLAC__int32 L, const F
 FLAC__window_partial_tukey(window, L, 0.05f, start, end);
 else if (p >= 1.0f)
 FLAC__window_partial_tukey(window, L, 0.95f, start, end);
+ else if (!(p > 0.0f && p < 1.0f))
+ /* p is not between 0 and 1, probably NaN.
+ * Default to 0.5 */
+ FLAC__window_partial_tukey(window, L, 0.5f, start, end);
 else {
 Np = (FLAC__int32)(p / 2.0f * N);
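Review bot: In the FLAC__window_gauss hunk the new comment says "Default to 0.5" while the fallback call passes `0.25f`, so the comment and the code disagree about the substitute value. If 0.25 is intended, the comment should say so and also record that the guard replaces every value outside the accepted range, not only NaN: `/* stddev is NaN or outside (0, 0.5]: fall back to 0.25 */`. Separately, `k` divides by `stddev * N2`; if `N` can be 0 (its definition is above the hunk), that is 0/0 and the loop would still store a NaN in `window[0]` even with a valid stddev, which this guard does not cover. The function begins outside the hunk.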
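Review bot: In the FLAC__window_tukey hunk the comment "probably NaN" undersells what the new branch depends on: it sits after `else if (p >= 1.0)` and, presumably, a lower-bound test above the hunk, so the only value that can reach it is NaN, and that ordering is what keeps NaN away from the `(FLAC__int32)(p / 2.0f * L)` conversion in the else branch. I would make the comment say that, e.g. `/* only NaN fails both range tests above; fall back to p = 0.5 */`, so a later reordering of the chain does not quietly reopen the undefined float-to-int conversion. The same wording is repeated in the FLAC__window_partial_tukey and FLAC__window_punchout_tukey hunks and deserves the same change. The if/else chain starts above and ends below each hunk.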
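Review bot: In the FLAC__window_partial_tukey hunk `start` and `end` are forwarded unchanged by the new recursive call, and nothing visible here validates them the way `p` is now validated. The else branch casts a float product to FLAC__int32 (`Np = (FLAC__int32)(p / 2.0f * N);`), and the FLAC__window_punchout_tukey hunk does the same with `start_n`; if `N` and `start_n` are themselves derived from `start`/`end` by similar casts above the hunks, a NaN or out-of-range value there would reach an undefined conversion before this guard runs. It is worth confirming that every caller bounds `start` and `end` to [0, 1], or adding an equivalent range check at the top of both functions. Both function bodies begin and end outside the hunks.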
@@ -249,6 +263,10 @@ void FLAC__window_punchout_tukey(FLAC__real *window, const FLAC__int32 L, const
 FLAC__window_punchout_tukey(window, L, 0.05f, start, end);
 else if (p >= 1.0f)
 FLAC__window_punchout_tukey(window, L, 0.95f, start, end);
+ else if (!(p > 0.0f && p < 1.0f))
+ /* p is not between 0 and 1, probably NaN.
+ * Default to 0.5 */
+ FLAC__window_punchout_tukey(window, L, 0.5f, start, end);
 else {
 Ns = (FLAC__int32)(p / 2.0f * start_n);
-- cgit v1.2.1