ref: 6e177c455fb554327ff8125b6e6dde1568610abe
parent: 7e74b254b2a7c963be0bfce751fc5911fe681c12
author: Mans Rullgard <mans@mansr.com>
date: Sun Nov 5 11:29:28 EST 2017
wav: fix crash if channel count is zero (CVE-2017-11332)
--- a/src/wav.c
+++ b/src/wav.c
@@ -712,6 +712,11 @@
else
lsx_report("User options overriding channels read in .wav header");
+ if (ft->signal.channels == 0) {
+ lsx_fail_errno(ft, SOX_EHDR, "Channel count is zero");
+ return SOX_EOF;
+ }
+
if (ft->signal.rate == 0 || ft->signal.rate == dwSamplesPerSecond)
ft->signal.rate = dwSamplesPerSecond;
else