From a1c400eb2cff849c0e5f9d6916d69ffea3ad2c85 Mon Sep 17 00:00:00 2001 From: Olli Date: Sun, 28 Oct 2018 15:32:58 +0200 Subject: [PATCH] Fix issue CVE-2018-17096: Replace assert with runtime exception --- source/SoundTouch/BPMDetect.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/source/SoundTouch/BPMDetect.cpp b/source/SoundTouch/BPMDetect.cpp index 01202f0..3ecda49 100644 --- a/source/SoundTouch/BPMDetect.cpp +++ b/source/SoundTouch/BPMDetect.cpp @@ -186,8 +186,10 @@ BPMDetect::BPMDetect(int numChannels, int aSampleRate) : // choose decimation factor so that result is approx. 1000 Hz decimateBy = sampleRate / TARGET_SRATE; - assert(decimateBy > 0); - assert(INPUT_BLOCK_SIZE < decimateBy * DECIMATED_BLOCK_SIZE); + if ((decimateBy <= 0) || (decimateBy * DECIMATED_BLOCK_SIZE < INPUT_BLOCK_SIZE)) + { + ST_THROW_RT_ERROR("Too small samplerate"); + } // Calculate window length & starting item according to desired min & max bpms windowLen = (60 * sampleRate) / (decimateBy * MIN_BPM);