ref: 7b3f30e13e4845bafc93215a372c6eb7dcf04118
parent: e410d00c4821726accfbe1f825f2def6376e181f
author: Mans Rullgard <mans@mansr.com>
date: Sun Nov 5 12:02:11 EST 2017
wav: fix crash writing header when channel count >64k (CVE-2017-11359)
--- a/src/wav.c
+++ b/src/wav.c
@@ -1379,6 +1379,12 @@
long blocksWritten = 0;
sox_bool isExtensible = sox_false; /* WAVE_FORMAT_EXTENSIBLE? */
+ if (ft->signal.channels > UINT16_MAX) {+ lsx_fail_errno(ft, SOX_EOF, "Too many channels (%u)",
+ ft->signal.channels);
+ return SOX_EOF;
+ }
+
dwSamplesPerSecond = ft->signal.rate;
wChannels = ft->signal.channels;
wBitsPerSample = ft->encoding.bits_per_sample;