From 7f594f8b7d10bbc16a4a31de8ec5a279af9c7378 Mon Sep 17 00:00:00 2001
From: Olli <oparviai@iki.fi>
Date: Wed, 31 Oct 2018 18:36:05 +0200
Subject: [PATCH] New take on CVE-2018-17097 i.e. avoiding writing beyond end
 of buffer in case of 24-bit samples

---
 source/SoundStretch/WavFile.cpp | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp
index fd33f6a..539edd2 100644
--- a/source/SoundStretch/WavFile.cpp
+++ b/source/SoundStretch/WavFile.cpp
@@ -924,8 +924,7 @@ void WavOutFile::write(const float *buffer, int numElems)
 
     bytesPerSample = header.format.bits_per_sample / 8;
     numBytes = numElems * bytesPerSample;
-    int confBufBytes = (numBytes + 3) & -4; // round up to nearest multiple of four to avoid overflow with 24bit-value assignment
-    void *temp = getConvBuffer(confBufBytes);
+    void *temp = getConvBuffer(numBytes + 7);   // round bit up to avoid buffer overrun with 24bit-value assignment
 
     switch (bytesPerSample)
     {