1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
From: Helmut Grohne <helmut@subdivi.de>
Date: Sat, 11 Nov 2023 18:18:40 +0100
Subject: voc: word width should never be 0 to avoid division by zero
Bug: https://sourceforge.net/p/sox/bugs/351/
Bug-Debian: https://bugs.debian.org/1010374
This patch fixes both CVE-2021-3643 and CVE-2021-23210.
---
src/voc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/voc.c b/src/voc.c
index f026178..f44933d 100644
--- a/src/voc.c
+++ b/src/voc.c
@@ -614,6 +614,10 @@ static int getblock(sox_format_t * ft)
v->rate = new_rate_32;
ft->signal.rate = new_rate_32;
lsx_readb(ft, &uc);
+ if (uc <= 1) {
+ lsx_fail_errno(ft, SOX_EFMT, "2 bits per word required");
+ return (SOX_EOF);
+ }
v->size = uc;
lsx_readb(ft, &(v->channels));
lsx_readw(ft, &(v->format)); /* ANN: added format */
|
