-------- Forwarded Message -------- Subject: CVE-2019-8354 claims to have been fixed in SoX, but isn't Date: Thu, 30 May 2024 12:49:17 +0200 From: Martin Guy <martinw...@gmail.com> To: n...@nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2019-8354claims to have been fixed on Apr 24 14:57:34 2019 +0100 in the SoX commit logs:
fix possible buffer size overflow in lsx_make_lpf() (CVE-2019-8354) The multiplication in the size argument malloc() might overflow, resulting in a small buffer being allocated. Use calloc() instead.but the segmentation fault (core dumped) persists both immediately after this commit and in all subsequent versions:
Repeat-by:sox --single-threaded crash_effect_i_dsp_c_367_heap_buffer_overflow.mp3 -t aiff /dev/null channels 1 rate 16k fade 3 norm
sox: effects_i_dsp.c:188: update_fft_cache: Assertion `lsx_is_power_of_2(len)' failed.
Aborted (core dumped) gdb src/.libs/sox core Program terminated with signal SIGABRT, Aborted. #0 0xb7f0b559 in __kernel_vsyscall () (gdb) bt #0 0xb7f0b559 in __kernel_vsyscall () #1 0xb7b9e2e7 in ?? () from /lib/i386-linux-gnu/libc.so.6 #2 0xb7b4d111 in raise () from /lib/i386-linux-gnu/libc.so.6 #3 0xb7b3626a in abort () from /lib/i386-linux-gnu/libc.so.6 #4 0xb7b3616c in ?? () from /lib/i386-linux-gnu/libc.so.6 #5 0xb7b45689 in __assert_fail () from /lib/i386-linux-gnu/libc.so.6 #6 0xb7e82a73 in update_fft_cache (len=len@entry=0) at effects_i_dsp.c:188 where crash_effect_i_dsp_c_367_heap_buffer_overflow.mp3 is attached to https://sourceforge.net/p/sox/bugs/319/ and here. Thanks and keep up the good work M
crash_effect_i_dsp_c_367_heap_buffer_overflow.mp3
Description: audio/mpeg
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ SoX-devel mailing list SoX-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sox-devel
