File CVE-2021-33844.patch of Package sox

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2021-33844.patch of Package sox

From: Helmut Grohne <helmut@subdivi.de>
Subject: wav: reject 0 bits per sample to avoid division by zero
Bug: https://sourceforge.net/p/sox/bugs/349/
Bug-Debian: https://bugs.debian.org/1021135

---
 src/testall.sh |    1 +
 src/wav.c      |    7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

--- a/src/wav.c
+++ b/src/wav.c
@@ -506,7 +506,7 @@ static int startread(sox_format_t * ft)
     unsigned short wChannels;       /* number of channels */
     uint32_t      dwSamplesPerSecond; /* samples per second per channel */
     uint32_t      dwAvgBytesPerSec;/* estimate of bytes per second needed */
-    uint16_t wBitsPerSample;  /* bits per sample */
+    uint16_t wBitsPerSample = 0;  /* bits per sample */
     uint32_t wFmtSize;
     uint16_t wExtSize = 0;    /* extended field for non-PCM */
 
@@ -954,6 +954,11 @@ static int startread(sox_format_t * ft)
         break;
 
     default:
+        if (ft->encoding.bits_per_sample == 0)
+        {
+            lsx_fail_errno(ft, SOX_EHDR, "WAV file bits per sample is zero");
+            return SOX_EOF;
+        }
         wav->numSamples = div_bits(qwDataLength, ft->encoding.bits_per_sample) / ft->signal.channels;
         ft->signal.length = wav->numSamples * ft->signal.channels;
     }
--- a/src/testall.sh
+++ b/src/testall.sh
@@ -67,3 +67,4 @@ t voc
 t vox -r 8130
 t wav
 t wve
+t wav -e gsm-full-rate

Places

File CVE-2021-33844.patch of Package sox

Places