1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
From: =?utf-8?q?Bastien_Roucari=C3=A8s?= <rouca@debian.org>
Date: Sun, 13 Aug 2023 14:14:09 +0000
Subject: CVE-2023-32627 Filter null sampling rate in VOC coder
Avoid a divide by zero and out of bound read by rejecting null sampling rate in VOC file
bug: https://sourceforge.net/p/sox/bugs/369/
bug-redhat: https://bugzilla.redhat.com/show_bug.cgi?id=2212282
bug-debian: https://bugs.debian.org/1041112
bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2023-32627
---
src/voc.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/voc.c b/src/voc.c
index f44933d..cad32fa 100644
--- a/src/voc.c
+++ b/src/voc.c
@@ -351,6 +351,11 @@ static size_t read_samples(sox_format_t * ft, sox_sample_t * buf,
v->block_remaining = 0;
return done;
}
+ if(uc == 0) {
+ lsx_fail_errno(ft, EINVAL, "invalid rate value");
+ v->block_remaining = 0;
+ return done;
+ }
*buf = SOX_UNSIGNED_8BIT_TO_SAMPLE(uc,);
lsx_adpcm_init(&v->adpcm, 6 - v->size, SOX_SAMPLE_TO_SIGNED_16BIT(*buf, ft->clips));
++buf;
|
