Overview

File CVE-2021-3643.patch of Package sox

From: Helmut Grohne <helmut@subdivi.de>
Subject: voc: word width should never be 0 to avoid division by zero
Bug: https://sourceforge.net/p/sox/bugs/351/
Bug-Debian: https://bugs.debian.org/1010374

This patch fixes both CVE-2021-3643 and CVE-2021-23210.

--- a/src/voc.c
+++ b/src/voc.c
@@ -614,6 +614,10 @@
         v->rate = new_rate_32;
         ft->signal.rate = new_rate_32;
         lsx_readb(ft, &uc);
+        if (uc <= 1) {
+          lsx_fail_errno(ft, SOX_EFMT, "2 bits per word required");
+          return (SOX_EOF);
+        }
         v->size = uc;
         lsx_readb(ft, &(v->channels));
         lsx_readw(ft, &(v->format));    /* ANN: added format */
openSUSE Build Service is sponsored by
Places