summaryrefslogtreecommitdiff
path: root/user/sox/CVE-2017-11332.patch
blob: 511049d8e9fcf8d71b52d0446bba902d7c5420c0 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
From 6e177c455fb554327ff8125b6e6dde1568610abe Mon Sep 17 00:00:00 2001
From: Mans Rullgard <mans@mansr.com>
Date: Sun, 5 Nov 2017 16:29:28 +0000
Subject: [PATCH] wav: fix crash if channel count is zero (CVE-2017-11332)

---
 src/wav.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/wav.c b/src/wav.c
index 5202556c..71fd52ac 100644
--- a/src/wav.c
+++ b/src/wav.c
@@ -712,6 +712,11 @@ static int startread(sox_format_t * ft)
     else
         lsx_report("User options overriding channels read in .wav header");
 
+    if (ft->signal.channels == 0) {
+        lsx_fail_errno(ft, SOX_EHDR, "Channel count is zero");
+        return SOX_EOF;
+    }
+
     if (ft->signal.rate == 0 || ft->signal.rate == dwSamplesPerSecond)
         ft->signal.rate = dwSamplesPerSecond;
     else
-- 
2.25.0