Index: src/fluid_voice.c
===================================================================
RCS file: /cvsroot/fluid/fluidsynth/src/fluid_voice.c,v
retrieving revision 1.15
diff -u -r1.15 fluid_voice.c
--- src/fluid_voice.c	11 Jun 2005 11:06:43 -0000	1.15
+++ src/fluid_voice.c	16 Sep 2005 23:57:07 -0000
@@ -331,7 +331,7 @@
   /* All variables starting with dsp_ are used by the DSP
      loop. Documented in fluid_dsp_core.c */
 
-  int dsp_phase_index;
+  unsigned int dsp_phase_index, dsp_data_start, dsp_data_end;
   unsigned int dsp_i;
   fluid_phase_t dsp_phase, dsp_phase_incr;
   fluid_real_t dsp_incr; 
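Review bot: The two new variables `dsp_data_start` and `dsp_data_end` are declared without saying what they bound or whether the end index is inclusive. The later parts of this patch read `dsp_data[dsp_data_end]` and test `dsp_phase_index > dsp_data_end`, which suggests an inclusive last index, so a comment such as `/* first and last valid index into dsp_data (end inclusive) */` would pin that down, once confirmed against the sample loader. Note also that making `dsp_phase_index` unsigned turns any negative index into a very large value, which only an upper-bound test will catch.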
@@ -348,33 +348,46 @@
   short* dsp_data;
   int dsp_interp_method = voice->interp_method;
 
+  fluid_real_t* dsp_buf_unaligned;
+  fluid_real_t* dsp_buf;
+  fluid_env_data_t* env_data;
+  fluid_real_t x;
 
 #ifdef ENABLE_SSE
-  float mem_for_sse_interface[5*4+4];             /* Reserve memory */
+  float* mem_for_sse_interface;
+  sse_t* sse_n,
+       * sse_a,
+       * sse_b,
+       * sse_c,
+       * sse_d,
+       * sse_e,
+       * sse_coeff,
+       * sse_src,
+       * sse_dest_left,
+       * sse_dest_right,
+       * sse_dest;
+
+  i = sizeof(float) * (5*4+4);
+  mem_for_sse_interface = (float*) FLUID_MALLOC(i)
+                                                  /* Reserve memory */
                                                   /* +4: add four floats for 16 added bytes */
+  FLUID_MEMSET(mem_for_sse_interface, 0, i);
 
   /* Align the first element */
-  sse_t* sse_n = (sse_t*) FLUID_ALIGN16BYTE(&mem_for_sse_interface);   
-  sse_t* sse_a = sse_n++;                         /* The ++ operator increases
+  sse_n = (sse_t*) FLUID_ALIGN16BYTE(&mem_for_sse_interface);   
+  sse_a = sse_n++;                                /* The ++ operator increases
 						   * by the size of the structure! */
-  sse_t* sse_b = sse_n++;
-  sse_t* sse_c = sse_n++;
-  sse_t* sse_d = sse_n++;
-  sse_t* sse_e = sse_n++;
-  sse_t* sse_coeff;
-
-  sse_t* sse_src;
-  sse_t* sse_dest_left;
-  sse_t* sse_dest_right;
-  sse_t* sse_dest;
+  sse_b = sse_n++;
+  sse_c = sse_n++;
+  sse_d = sse_n++;
+  sse_e = sse_n++;
 #endif
 
   /* +4: add four floats for 16 added bytes */
-  fluid_real_t dsp_buf_unaligned[FLUID_BUFSIZE+4];  
-  fluid_real_t* dsp_buf = (fluid_real_t*) FLUID_ALIGN16BYTE(&dsp_buf_unaligned);
-  fluid_env_data_t* env_data;
-  fluid_real_t x;
-
+  i = sizeof(fluid_real_t) * (FLUID_BUFSIZE+4);
+  dsp_buf_unaligned = (fluid_real_t*) FLUID_MALLOC(i);
+  FLUID_MEMSET(dsp_buf_unaligned, 0, i);
+  dsp_buf = (fluid_real_t*) FLUID_ALIGN16BYTE(dsp_buf_unaligned);
 
   /* make sure we're playing and that we have sample data */
   if (!_PLAYING(voice)) {
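Review bot: In the ENABLE_SSE branch, `FLUID_ALIGN16BYTE(&mem_for_sse_interface)` still takes the address of the variable, which is now a pointer, so `sse_a` to `sse_e` point at the stack slot holding the pointer instead of into the heap block. The non-SSE buffer further down correctly drops the `&`. The `FLUID_MALLOC(i)` assignment in that branch also lacks its `;`, so the branch would not compile as written. Neither FLUID_MALLOC result is checked before FLUID_MEMSET, and no matching free is visible, so the exit that begins at `if (!_PLAYING(voice))` and every other return path outside the hunk would leak both blocks. The function starts before and continues after this hunk, so the error path in the sketch below is left as a placeholder comment.

```c
#ifdef ENABLE_SSE
  /* … unchanged: sse_* pointer declarations … */
  i = sizeof(float) * (5*4+4);   /* +4: add four floats for 16 added bytes */
  mem_for_sse_interface = (float*) FLUID_MALLOC(i);
  if (mem_for_sse_interface == NULL) {
    /* out of memory: leave through the function's error path */
  }
  FLUID_MEMSET(mem_for_sse_interface, 0, i);

  /* Align the first element of the heap block, not the pointer variable */
  sse_n = (sse_t*) FLUID_ALIGN16BYTE(mem_for_sse_interface);
  /* … unchanged: sse_a … sse_e assignments … */
#endif

  i = sizeof(fluid_real_t) * (FLUID_BUFSIZE+4);
  dsp_buf_unaligned = (fluid_real_t*) FLUID_MALLOC(i);
  if (dsp_buf_unaligned == NULL) {
    /* out of memory: release mem_for_sse_interface if allocated, then leave */
  }
  /* … unchanged: FLUID_MEMSET and alignment of dsp_buf … */
```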
@@ -741,9 +754,23 @@
    /* Now we set up the variables, that go into the DSP routine. For documentation,
     * see fluid_dsp_core.c
     */
+
    /* Sample waveform data */
    dsp_data = voice->sample->data;
-   
+   dsp_data_start = voice->sample->start;
+   dsp_data_end = voice->sample->end;
+
+   /* dsp_data should point to sample data typically allocated
+    * when reading a sound font file. Check that it actually
+    * points to valid memory and that the start and end
+    * indexes correspond to valid memory. If the dsp_data pointer
+    * points to invalid memory, it is better to find this
+    * out before entering the dsp loop.
+    */
+   i = (unsigned int) dsp_data[0];
+   i = (unsigned int) dsp_data[dsp_data_start];
+   i = (unsigned int) dsp_data[dsp_data_end];
+
    /* IIR filter sample history */
    dsp_hist1 = voice->hist1;
    dsp_hist2 = voice->hist2;
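Review bot: The three probe reads `dsp_data[0]`, `dsp_data[dsp_data_start]` and `dsp_data[dsp_data_end]` do not validate anything. An index outside the allocation is itself an out-of-bounds read, and because `i` is overwritten each time and not used afterwards in this hunk, a compiler is free to drop the reads altogether. A check that can reject a malformed sample has to compare the indices with the size of the loaded sample data, ideally once where the sound font is parsed. No such size field is visible in this hunk, so that needs confirming against the sample structure. At this point in the function a guard such as `if (voice->sample == NULL || dsp_data == NULL || dsp_data_start > dsp_data_end)` followed by the existing early-exit path would at least catch a missing or inverted range before the DSP loop.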
Index: src/fluid_dsp_float.c
===================================================================
RCS file: /cvsroot/fluid/fluidsynth/src/fluid_dsp_float.c,v
retrieving revision 1.1
diff -u -r1.1 fluid_dsp_float.c
--- src/fluid_dsp_float.c	30 Mar 2004 10:07:32 -0000	1.1
+++ src/fluid_dsp_float.c	16 Sep 2005 23:57:07 -0000
@@ -105,7 +105,20 @@
 	 */
 	for (dsp_i = dsp_start; dsp_i < dsp_end; dsp_i++) {  
 		/* Mix to the buffer and advance the phase by one sample */
-		dsp_buf[dsp_i] = dsp_amp * dsp_data[fluid_phase_index_plusplus(dsp_phase)];
+		dsp_phase_index = fluid_phase_index_plusplus(dsp_phase);
+#if 0
+		if (dsp_phase_index < dsp_data_start) {
+			FLUID_LOG(FLUID_PANIC, "dsp_phase_index %d is smaller than dsp_data_start %d",
+			    dsp_phase_index, dsp_data_start);
+			break;
+		}
+		if (dsp_phase_index > dsp_data_end) {
+			FLUID_LOG(FLUID_PANIC, "dsp_phase_index %d is larger than dsp_data_end %d",
+			    dsp_phase_index, dsp_data_end);
+			break;
+		}
+#endif
+		dsp_buf[dsp_i] = dsp_amp * dsp_data[dsp_phase_index];
 		dsp_amp += dsp_amp_incr;
 	}
 
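Review bot: The bounds checks added to this loop sit inside `#if 0`, as do those in the hunks starting at new lines 133, 186 and 217, so four of the five loops still index `dsp_data` with an unchecked `dsp_phase_index`. Only the linear-interpolation loop has them enabled with `#if 1`. If they are meant as a debugging aid, one named switch would make that explicit and keep the loops in step, for example `#ifdef FLUID_DSP_CHECK_BOUNDS` (placeholder name) in place of the literal `#if 0` / `#if 1`. The messages also use `%d`, while the fluid_voice.c part of this patch declares `dsp_phase_index`, `dsp_data_start` and `dsp_data_end` as `unsigned int`; assuming those are the same variables, the conversions should be `%u`. The loop belongs to a larger block that starts and ends outside the hunk.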
@@ -120,7 +133,19 @@
 		 * efficient. */
     
 		for (dsp_i = dsp_start; dsp_i < dsp_end; dsp_i++) {  
-			dsp_phase_index = fluid_phase_index(dsp_phase); 
+			dsp_phase_index = fluid_phase_index(dsp_phase);
+#if 0
+			if (dsp_phase_index < dsp_data_start) {
+			    FLUID_LOG(FLUID_PANIC, "dsp_phase_index %d is smaller than dsp_data_start %d",
+			        dsp_phase_index, dsp_data_start);
+			    break;
+			}
+			if (dsp_phase_index > dsp_data_end) {
+			    FLUID_LOG(FLUID_PANIC, "dsp_phase_index %d is larger than dsp_data_end %d",
+			        dsp_phase_index, dsp_data_end);
+			    break;
+			}
+#endif
 			dsp_buf[dsp_i] = dsp_amp * dsp_data[dsp_phase_index];
       
 			/* increment phase and amplitude */ 
@@ -133,7 +158,19 @@
 		/* Straight line interpolation. */
 		for (dsp_i = dsp_start; dsp_i < dsp_end; dsp_i++) {  
 			dsp_coeff = &interp_coeff_linear[fluid_phase_fract_to_tablerow(dsp_phase)];  
-			dsp_phase_index = fluid_phase_index(dsp_phase); 
+			dsp_phase_index = fluid_phase_index(dsp_phase);
+#if 1
+			if (dsp_phase_index < dsp_data_start) {
+			    FLUID_LOG(FLUID_PANIC, "dsp_phase_index %d is smaller than dsp_data_start %d",
+			        dsp_phase_index, dsp_data_start);
+			    break;
+			}
+			if (dsp_phase_index > (dsp_data_end - 1)) {
+			    FLUID_LOG(FLUID_PANIC, "dsp_phase_index %d is larger than dsp_data_end-1 %d",
+			        dsp_phase_index, dsp_data_end-1);
+			    break;
+			}
+#endif
 			dsp_buf[dsp_i] = (dsp_amp * 
 					  (dsp_coeff->a0 * dsp_data[dsp_phase_index] 
 					   + dsp_coeff->a1 * dsp_data[dsp_phase_index+1]));
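Review bot: `dsp_data_end - 1` in the enabled upper-bound test is unsigned arithmetic if `dsp_data_end` is the `unsigned int` declared in the fluid_voice.c part of this patch. An end value of 0 then wraps to UINT_MAX, the test never fires, and the `dsp_data[dsp_phase_index+1]` read below goes unchecked. The disabled `- 3` and `- 6` variants in the next two hunks wrap the same way for small end values. Guarding the subtraction avoids this: `if (dsp_data_end < 1 || dsp_phase_index > dsp_data_end - 1) {`. Since a failed check logs at FLUID_PANIC and then breaks, it may be worth a comment stating that the remainder of `dsp_buf` is intentionally left as it was for this call.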
@@ -149,9 +186,20 @@
 		/* Default interpolation loop using floats */
       
 		for (dsp_i = dsp_start; dsp_i < dsp_end; dsp_i++) {  
-			dsp_coeff = &interp_coeff[fluid_phase_fract_to_tablerow(dsp_phase)];  
-	
-			dsp_phase_index = fluid_phase_index(dsp_phase); 
+			dsp_coeff = &interp_coeff[fluid_phase_fract_to_tablerow(dsp_phase)];
+			dsp_phase_index = fluid_phase_index(dsp_phase);
+#if 0
+			if (dsp_phase_index < dsp_data_start) {
+			    FLUID_LOG(FLUID_PANIC, "dsp_phase_index %d is smaller than dsp_data_start %d",
+			        dsp_phase_index, dsp_data_start);
+			    break;
+			}
+			if (dsp_phase_index > (dsp_data_end - 3)) {
+			    FLUID_LOG(FLUID_PANIC, "dsp_phase_index %d is larger than dsp_data_end-3 %d",
+			        dsp_phase_index, dsp_data_end-3);
+			    break;
+			}
+#endif
 			dsp_buf[dsp_i] = (dsp_amp * 
 					  (dsp_coeff->a0 * dsp_data[dsp_phase_index] 
 					   + dsp_coeff->a1 * dsp_data[dsp_phase_index+1] 
@@ -169,6 +217,18 @@
 		for (dsp_i = dsp_start; dsp_i < dsp_end; dsp_i++) {
 			int fract = fluid_phase_fract_to_tablerow(dsp_phase);
 			dsp_phase_index = fluid_phase_index(dsp_phase);
+#if 0
+			if (dsp_phase_index < dsp_data_start) {
+			    FLUID_LOG(FLUID_PANIC, "dsp_phase_index %d is smaller than dsp_data_start %d",
+			        dsp_phase_index, dsp_data_start);
+			    break;
+			}
+			if (dsp_phase_index > (dsp_data_end - 6)) {
+			    FLUID_LOG(FLUID_PANIC, "dsp_phase_index %d is larger than dsp_data_end-6 %d",
+			        dsp_phase_index, dsp_data_end-6);
+			    break;
+			}
+#endif
 			dsp_buf[dsp_i] = (dsp_amp * 
 					  (sinc_table7[0][fract] * (fluid_real_t) dsp_data[dsp_phase_index] 
 					   + sinc_table7[1][fract] * (fluid_real_t) dsp_data[dsp_phase_index+1]
