#! /bin/sh

# CVE-2021-23172
# A vulnerability was found in SoX, where a heap-buffer-overflow occurs in
# function startread() in hcom.c file. The vulnerability is exploitable
# with a crafted hcom file, that could cause an application to crash.

# 14.4.2 and 42b355 says:
# sox=../../sox-14.4.2/src/sox sh run

# Debian says:
# sox FAIL formats: can't open input file `bug2': Implausible dictionary size in HCOM header
# and exits 2

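# Regression check for the crafted HCOM input "bug2", which must be present
# in the current directory.  Exit status of this script:
#   0     sox rejected the file with status 2 (the result the note above
#         attributes to the Debian build)
#   255   sox exited 0, i.e. the malformed header was accepted
#   1     the fixture is missing or unreadable, so nothing was tested
#   other sox's own status is passed through unchanged and counts as a
#         failure (a shell reports a signal-terminated child as > 128)

# Without this guard a missing fixture could be counted as a pass: the
# expected rejection is itself a "can't open input file" error with status 2.
# NOTE(review): presumably sox also exits 2 for a nonexistent file - confirm.
if [ ! -r bug2 ]; then
  echo "bug2: test input missing or unreadable" >&2
  exit 1
fi

# Start without a core file left over from an earlier run.
rm -f core

# The binary under test can be overridden through $sox.  The expansion is
# deliberately left unquoted, as in the original, so a value containing
# spaces is split into separate words.
${sox:-sox} bug2 -n noiseprof /dev/null
status=$?

# Clean up whatever the run may have left behind.
rm -f core out.wav

# Invert the sense of the two statuses that matter: for a malformed file,
# "success" is the bug and the documented rejection code is the pass.
case "$status" in
  0) status=255 ;;
  2) status=0 ;;
esac

exit "$status"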
