ref: 52924c14fbee326334b2e4d459cbe0f2e21ceed2
parent: 3ccca3b8b82cbd2a146110b07cbf7fd867de8ead
author: Bastien Roucariès <rouca@debian.org>
date: Sun Aug 13 10:14:09 EDT 2023
CVE-2023-32627 Filter null sampling rate in VOC coder Avoid a divide by zero and out of bound read by rejecting null sampling rate in VOC file bug: https://sourceforge.net/p/sox/bugs/369/ bug-redhat: https://bugzilla.redhat.com/show_bug.cgi?id=2212282 bug-debian: https://bugs.debian.org/1041112 bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2023-32627
--- a/src/voc.c
+++ b/src/voc.c
@@ -353,6 +353,11 @@
v->block_remaining = 0;
return done;
}
+ if(uc == 0) {
+ lsx_fail_errno(ft, EINVAL, "invalid rate value");
+ v->block_remaining = 0;
+ return done;
+ }
*buf = SOX_UNSIGNED_8BIT_TO_SAMPLE(uc,);
lsx_adpcm_init(&v->adpcm, 6 - v->size, SOX_SAMPLE_TO_SIGNED_16BIT(*buf, ft->clips));
++buf;