|
|
@@ -0,0 +1,37 @@
|
|
|
+From 2ab4f13af84f224cfbdd997e027c7348156de463 Mon Sep 17 00:00:00 2001
|
|
|
+From: Helmut Grohne <helmut@subdivi.de>
|
|
|
+Date: Sat, 17 May 2025 23:07:34 +0200
|
|
|
+Subject: [PATCH] CVE-2023-32627 Filter null sampling rate in VOC coder
|
|
|
+
|
|
|
+Avoid a divide by zero and out of bound read by rejecting null sampling rate in VOC file
|
|
|
+
|
|
|
+bug: https://sourceforge.net/p/sox/bugs/369/
|
|
|
+bug-redhat: https://bugzilla.redhat.com/show_bug.cgi?id=2212282
|
|
|
+bug-debian: https://bugs.debian.org/1041112
|
|
|
+bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2023-32627
|
|
|
+
|
|
|
+Upstream: https://sourceforge.net/p/sox/bugs/369/
|
|
|
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
|
|
+---
|
|
|
+ src/voc.c | 5 +++++
|
|
|
+ 1 file changed, 5 insertions(+)
|
|
|
+
|
|
|
+diff --git a/src/voc.c b/src/voc.c
|
|
|
+index 0ca07f94..d8b982c5 100644
|
|
|
+--- a/src/voc.c
|
|
|
++++ b/src/voc.c
|
|
|
+@@ -353,6 +353,11 @@ static size_t read_samples(sox_format_t * ft, sox_sample_t * buf,
|
|
|
+ v->block_remaining = 0;
|
|
|
+ return done;
|
|
|
+ }
|
|
|
++ if(uc == 0) {
|
|
|
++ lsx_fail_errno(ft, EINVAL, "invalid rate value");
|
|
|
++ v->block_remaining = 0;
|
|
|
++ return done;
|
|
|
++ }
|
|
|
+ *buf = SOX_UNSIGNED_8BIT_TO_SAMPLE(uc,);
|
|
|
+ lsx_adpcm_init(&v->adpcm, 6 - v->size, SOX_SAMPLE_TO_SIGNED_16BIT(*buf, ft->clips));
|
|
|
+ ++buf;
|
|
|
+--
|
|
|
+2.49.0
|
|
|
+
|
Thomas Petazzoni