Måns Rullgård <m...@mansr.com> wrote:
> All but one fixed here: https://github.com/mansr/sox

I think this should fix the last one. I didn't check too closely, just verified it's no longer segfaulting. (But lsx_valloc doesn't check for multiplication overflow)

-----------8<--------- From: Eric Wong <e...@80x24.org> Subject: [PATCH] adpcm: fix stack overflow (CVE-2017-15372) --- src/adpcm.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/adpcm.c b/src/adpcm.c index 2e13867e..e921eaba 100644 --- a/src/adpcm.c +++ b/src/adpcm.c @@ -113,7 +113,10 @@ const char *lsx_ms_adpcm_block_expand_i( const unsigned char *ip; unsigned ch; const char *errmsg = NULL; - MsState_t state[4]; /* One decompressor state for each channel */ + MsState_t *state; + + /* One decompressor state for each channel */ + lsx_valloc(state, chans); /* Read the four-byte header for each channel */ ip = ibuff;
-- EW
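
Review bot: the `state` buffer allocated by `lsx_valloc(state, chans);` in `lsx_ms_adpcm_block_expand_i` is never released. The diffstat lists 4 insertions and all four are in this hunk, so no `free(state)` is added on any return path and every call now leaks one `MsState_t` per channel. Either add `free(state);` before each return, or keep the fixed `MsState_t state[4];` array and reject `chans > 4` ahead of the "Read the four-byte header for each channel" loop, which also avoids a heap allocation per decoded block. Because, as the message itself notes, `lsx_valloc` does not check its multiplication for overflow, `chans` should be range-checked before it is used as the element count in either case.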