From d6b56793d84490e78c91afcb3af96071094b7292 Mon Sep 17 00:00:00 2001
From: Jean-Marc Valin <jmvalin@jmvalin.ca>
Date: Mon, 21 Oct 2013 17:53:48 -0400
Subject: [PATCH] Fixes a potential crash when encoding NaNs

This fixes tansig_approx() to avoid crashing when the input is NaN.
The problem could only be triggered when calling the float API with
a float build at a complexity of 7 or more (i.e. analysis called).
Since the crash was due to an out-of-bound read (typically the index
is INT_MIN), it's unlikely to be exploitable in any other way than
causing a crash.
---
 src/mlp.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/mlp.c b/src/mlp.c
index 73b1d315b..56040bd7f 100644
--- a/src/mlp.c
+++ b/src/mlp.c
@@ -67,9 +67,10 @@ static inline float tansig_approx(float x)
 	int i;
 	float y, dy;
 	float sign=1;
-    if (x>=8)
+	/* Tests are reversed to catch NaNs */
+    if (!(x<8))
         return 1;
-    if (x<=-8)
+    if (!(x>-8))
         return -1;
 	if (x<0)
 	{
-- 
GitLab