diff -r 7846aadbd4f5 Lib/test/test_audioop.py
--- a/Lib/test/test_audioop.py	Thu Jun 25 23:39:53 2015 +0300
+++ b/Lib/test/test_audioop.py	Fri Jun 26 15:39:30 2015 +0300
@@ -273,6 +273,16 @@ class TestAudioop(unittest.TestCase):
         # state must be a tuple or None, not an integer
         self.assertRaises(TypeError, audioop.adpcm2lin, b'\0', 1, 555)
         self.assertRaises(TypeError, audioop.lin2adpcm, b'\0', 1, 555)
+        # Issues #24456, #24457: index out of range
+        self.assertRaises(ValueError, audioop.adpcm2lin, b'\0', 1, (0, -1))
+        self.assertRaises(ValueError, audioop.adpcm2lin, b'\0', 1, (0, 89))
+        self.assertRaises(ValueError, audioop.lin2adpcm, b'\0', 1, (0, -1))
+        self.assertRaises(ValueError, audioop.lin2adpcm, b'\0', 1, (0, 89))
+        # value out of range
+        self.assertRaises(ValueError, audioop.adpcm2lin, b'\0', 1, (-0x8001, 0))
+        self.assertRaises(ValueError, audioop.adpcm2lin, b'\0', 1, (0x8000, 0))
+        self.assertRaises(ValueError, audioop.lin2adpcm, b'\0', 1, (-0x8001, 0))
+        self.assertRaises(ValueError, audioop.lin2adpcm, b'\0', 1, (0x8000, 0))
 
     def test_lin2alaw(self):
         self.assertEqual(audioop.lin2alaw(datas[1], 1),
diff -r 7846aadbd4f5 Modules/audioop.c
--- a/Modules/audioop.c	Thu Jun 25 23:39:53 2015 +0300
+++ b/Modules/audioop.c	Fri Jun 26 15:39:30 2015 +0300
@@ -1627,11 +1627,6 @@ audioop_lin2adpcm_impl(PyModuleDef *modu
     if (!audioop_check_parameters(fragment->len, width))
         return NULL;
 
-    str = PyBytes_FromStringAndSize(NULL, fragment->len/(width*2));
-    if (str == NULL)
-        return NULL;
-    ncp = (signed char *)PyBytes_AsString(str);
-
     /* Decode state, should have (value, step) */
     if ( state == Py_None ) {
         /* First time, it seems. Set defaults */
@@ -1639,11 +1634,22 @@ audioop_lin2adpcm_impl(PyModuleDef *modu
         index = 0;
     } else if (!PyTuple_Check(state)) {
         PyErr_SetString(PyExc_TypeError, "state must be a tuple or None");
-        goto exit;
+        return NULL;
     } else if (!PyArg_ParseTuple(state, "ii", &valpred, &index)) {
-        goto exit;
+        return NULL;
+    } else {
+        if (valpred >= 0x8000 || valpred < -0x8000 ||
+            (size_t)index >= Py_ARRAY_LENGTH(stepsizeTable)) {
+            PyErr_SetString(PyExc_ValueError, "bad state");
+            return NULL;
+        }
     }
 
+    str = PyBytes_FromStringAndSize(NULL, fragment->len/(width*2));
+    if (str == NULL)
+        return NULL;
+    ncp = (signed char *)PyBytes_AsString(str);
+
     step = stepsizeTable[index];
     bufferstep = 1;
 
@@ -1718,8 +1724,6 @@ audioop_lin2adpcm_impl(PyModuleDef *modu
         bufferstep = !bufferstep;
     }
     rv = Py_BuildValue("(O(ii))", str, valpred, index);
-
-  exit:
     Py_DECREF(str);
     return rv;
 }
@@ -1760,6 +1764,13 @@ audioop_adpcm2lin_impl(PyModuleDef *modu
         return NULL;
     } else if (!PyArg_ParseTuple(state, "ii", &valpred, &index))
         return NULL;
+    else {
+        if (valpred >= 0x8000 || valpred < -0x8000 ||
+            (size_t)index >= Py_ARRAY_LENGTH(stepsizeTable)) {
+            PyErr_SetString(PyExc_ValueError, "bad state");
+            return NULL;
+        }
+    }
 
     if (fragment->len > (PY_SSIZE_T_MAX/2)/width) {
         PyErr_SetString(PyExc_MemoryError,