blob: 511049d8e9fcf8d71b52d0446bba902d7c5420c0 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
From 6e177c455fb554327ff8125b6e6dde1568610abe Mon Sep 17 00:00:00 2001
From: Mans Rullgard <mans@mansr.com>
Date: Sun, 5 Nov 2017 16:29:28 +0000
Subject: [PATCH] wav: fix crash if channel count is zero (CVE-2017-11332)
---
src/wav.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/wav.c b/src/wav.c
index 5202556c..71fd52ac 100644
--- a/src/wav.c
+++ b/src/wav.c
@@ -712,6 +712,11 @@ static int startread(sox_format_t * ft)
else
lsx_report("User options overriding channels read in .wav header");
+ if (ft->signal.channels == 0) {
+ lsx_fail_errno(ft, SOX_EHDR, "Channel count is zero");
+ return SOX_EOF;
+ }
+
if (ft->signal.rate == 0 || ft->signal.rate == dwSamplesPerSecond)
ft->signal.rate = dwSamplesPerSecond;
else
--
2.25.0
|