diff -ru libvorbis-1.3.5.orig/lib/info.c libvorbis-1.3.5/lib/info.c
--- libvorbis-1.3.5.orig/lib/info.c	2015-02-26 22:58:19.000000000 +0100
+++ libvorbis-1.3.5/lib/info.c	2018-02-27 16:47:27.373883142 +0100
@@ -583,7 +583,8 @@
   oggpack_buffer opb;
   private_state *b=v->backend_state;
 
-  if(!b||vi->channels<=0){
+  if(!b||vi->channels<=0||vi->channels>256){
+    b = NULL;
     ret=OV_EFAULT;
     goto err_out;
   }
diff -ru libvorbis-1.3.5.orig/lib/psy.c libvorbis-1.3.5/lib/psy.c
--- libvorbis-1.3.5.orig/lib/psy.c	2013-11-12 05:01:54.000000000 +0100
+++ libvorbis-1.3.5/lib/psy.c	2018-02-27 16:47:58.285637422 +0100
@@ -600,7 +600,7 @@
     XY[i] = tXY;
   }
 
-  for (i = 0, x = 0.f;; i++, x += 1.f) {
+  for (i = 0, x = 0.f; i < n; i++, x += 1.f) {
 
     lo = b[i] >> 16;
     if( lo>=0 ) break;
@@ -622,12 +622,11 @@
     noise[i] = R - offset;
   }
 
-  for ( ;; i++, x += 1.f) {
+  for ( ; i < n; i++, x += 1.f) {
 
     lo = b[i] >> 16;
     hi = b[i] & 0xffff;
     if(hi>=n)break;
-
     tN = N[hi] - N[lo];
     tX = X[hi] - X[lo];
     tXX = XX[hi] - XX[lo];
@@ -652,7 +651,7 @@
 
   if (fixed <= 0) return;
 
-  for (i = 0, x = 0.f;; i++, x += 1.f) {
+  for (i = 0, x = 0.f; i < n; i++, x += 1.f) {
     hi = i + fixed / 2;
     lo = hi - fixed;
     if(lo>=0)break;
@@ -671,7 +670,7 @@
 
     if (R - offset < noise[i]) noise[i] = R - offset;
   }
-  for ( ;; i++, x += 1.f) {
+  for ( ; i < n; i++, x += 1.f) {
 
     hi = i + fixed / 2;
     lo = hi - fixed;