--- speex-1.2rc1/libspeex/speex_header.c.cve-2008-1686 2008-05-30 09:34:16.000000000 +0200
+++ speex-1.2rc1/libspeex/speex_header.c 2009-04-07 05:40:24.000000000 +0200
@@ -190,6 +190,13 @@
 if (le_header->nb_channels<1) le_header->nb_channels = 1;
+ if (le_header->mode >= SPEEX_NB_MODES || le_header->mode < 0)
+ {
+ speex_notify("Invalid mode specified in Speex header");
+ speex_free (le_header);
+ return NULL;
+ }
+
 return le_header;
 }
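Review bot: The added range check on `le_header->mode` is only meaningful if it runs on the host-byte-order value, and the hunk does not show where the header fields are byte-swapped. The enclosing function starts above the hunk, so confirm there that the conversion precedes this test; otherwise a big-endian build would compare the raw value. The check also carries no comment saying why it exists. Going by the CVE-2008-1686 tag in the patch name, I would put `/* mode comes from the untrusted stream header and callers use it to select an entry in the mode list; reject out-of-range values */` above the `if`. Because this adds a `return NULL` path, callers outside the patch must test the result before dereferencing it, which cannot be verified from this hunk.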