summaryrefslogblamecommitdiff
path: root/legacy/sox/CVE-2017-11332.patch
blob: 511049d8e9fcf8d71b52d0446bba902d7c5420c0 (plain) (tree)



























                                                                            
From 6e177c455fb554327ff8125b6e6dde1568610abe Mon Sep 17 00:00:00 2001
From: Mans Rullgard <mans@mansr.com>
Date: Sun, 5 Nov 2017 16:29:28 +0000
Subject: [PATCH] wav: fix crash if channel count is zero (CVE-2017-11332)

---
 src/wav.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/wav.c b/src/wav.c
index 5202556c..71fd52ac 100644
--- a/src/wav.c
+++ b/src/wav.c
@@ -712,6 +712,11 @@ static int startread(sox_format_t * ft)
     else
         lsx_report("User options overriding channels read in .wav header");
 
+    if (ft->signal.channels == 0) {
+        lsx_fail_errno(ft, SOX_EHDR, "Channel count is zero");
+        return SOX_EOF;
+    }
+
     if (ft->signal.rate == 0 || ft->signal.rate == dwSamplesPerSecond)
         ft->signal.rate = dwSamplesPerSecond;
     else
-- 
2.25.0