Package: sox / 14.4.2+git20190427-3.5

CVE-2021-23159.patch
From: Helmut Grohne <helmut@subdivi.de>
Subject: hcom: validate dictsize
Bug: https://sourceforge.net/p/sox/bugs/350/
Bug: https://sourceforge.net/p/sox/bugs/352/
Bug-Debian: https://bugs.debian.org/1021133
Bug-Debian: https://bugs.debian.org/1021134

This patch fixes both CVE-2021-23159 and CVE-2021-23172.

--- a/src/hcom.c
+++ b/src/hcom.c
@@ -141,6 +141,11 @@
                 return (SOX_EOF);
         }
         lsx_readw(ft, &dictsize);
+        if (dictsize == 0 || dictsize > 511)
+        {
+                lsx_fail_errno(ft, SOX_EHDR, "Implausible dictionary size in HCOM header");
+                return SOX_EOF;
+        }
 
         /* Translate to sox parameters */
         ft->encoding.encoding = SOX_ENCODING_HCOM;
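Review bot: the new range check on dictsize runs on a value whose read is never verified: the line just above it, `lsx_readw(ft, &dictsize);`, discards the return value, so on a truncated header the check inspects whatever dictsize held before the read, while the code immediately preceding the hunk does return SOX_EOF on failure. Fold the read into the condition, e.g. `if (lsx_readw(ft, &dictsize) != SOX_SUCCESS || dictsize == 0 || dictsize > 511)`, or test the return separately and fail with SOX_EHDR the same way. The upper bound 511 is also a bare magic number; a short comment or a named constant stating what it is derived from (the number of entries the dictionary array being filled can hold) would let a reader confirm the limit without hunting for the allocation elsewhere in startread.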