#! /bin/sh

# CVE-2019-8354
# An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c
# has an integer overflow on the result of multiplication fed into malloc.
# When the buffer is allocated, it is smaller than expected, leading to
# a heap-based buffer overflow.
#
# https://sourceforge.net/p/sox/bugs/319
# In effect_i_dsp.c line 367, there is no check on the value passed to malloc
# (num_taps x sizeof(double)). When the result overflows, it can trigger a
# heap-buffer-overflow because the allocated memory is smaller than expected.
#
# Discovered 2019-02-07 by Hendra Gunadi 

# 14.4.2, Debian and 42b355:
# sox: effects_i_dsp.c:188: update_fft_cache: Assertion `lsx_is_power_of_2(len)' failed.
# Aborted (core dumped)

# Clear any core file left in the working directory by an earlier run.
rm -f core

# Run the crafted MP3 through sox, discarding the AIFF output to /dev/null.
# ${sox:-sox} is unquoted, so a $sox value containing spaces is word-split
# (presumably to allow a wrapper command in front of sox -- confirm with the
# test harness).
${sox:-sox} --single-threaded crash_effect_i_dsp_c_367_heap_buffer_overflow.mp3 -t aiff /dev/null channels 1 rate 16k fade 3 norm
rc=$?

# Remove the core file an aborting sox may have dumped.
rm -f core

# Translate sox's exit status into the test verdict:
#   2     -> 0    pass: sox reported an error (2 is its documented status for
#                 a failure during file processing) instead of crashing
#   0     -> 255  fail: the crafted file was processed without complaint
#   other -> unchanged, so an abort or signal death (status above 128, as
#            with the assertion failure quoted above) stays a failure
# NOTE(review): the status alone cannot reveal an out-of-bounds write that
# does not crash; a sanitizer-instrumented sox build gives a stronger check.
if [ "$rc" -eq 0 ]; then
  rc=255
elif [ "$rc" -eq 2 ]; then
  rc=0
fi

exit "$rc"
