From 5938f05b8fc5feef6f823a51c977b4f0cf51050f Mon Sep 17 00:00:00 2001
From: tlatorre <tlatorre@uchicago.edu>
Date: Tue, 18 Sep 2018 18:04:52 -0500
Subject: fix heap overflow in interp1d()

This commit fixes a potential heap overflow in interp1d() which could occur if
x was very close to the last value in the xp array. The bounds check is now
performed on the index rather than the x values.
---
 src/misc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/misc.c')

diff --git a/src/misc.c b/src/misc.c
index 00f2f6c..189d49b 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -327,10 +327,11 @@ double interp1d(double x, double *xp, double *yp, size_t n)
     size_t i;
 
     if (x <= xp[0]) return yp[0];
-    if (x >= xp[n-1]) return yp[n-1];
 
     i = (x-xp[0])/(xp[1]-xp[0]);
 
+    if (i > n-2) return yp[n-1];
+
     return yp[i] + (yp[i+1]-yp[i])*(x-xp[i])/(xp[i+1]-xp[i]);
 }
 
-- 
cgit