Martin Guy <martinw...@gmail.com> writes:

> -------- Forwarded Message --------
> Subject:      CVE-2019-8354 claims to have been fixed in SoX, but isn't
> Date:         Thu, 30 May 2024 12:49:17 +0200
> From:         Martin Guy <martinw...@gmail.com>
> To:   n...@nist.gov
>
> https://nvd.nist.gov/vuln/detail/CVE-2019-8354
>
> claims to have been fixed on Apr 24 14:57:34 2019 +0100 in the SoX commit
> logs:
>
>     fix possible buffer size overflow in lsx_make_lpf() (CVE-2019-8354)
>
>     The multiplication in the size argument malloc() might overflow,
>     resulting in a small buffer being allocated.  Use calloc() instead.
>
> but the segmentation fault (core dumped) persists both immediately after
> this commit and in all subsequent versions:
>
> Repeat-by:
>
> sox --single-threaded crash_effect_i_dsp_c_367_heap_buffer_overflow.mp3 -t
> aiff /dev/null channels 1 rate 16k fade 3 norm
>
> sox: effects_i_dsp.c:188: update_fft_cache: Assertion
> `lsx_is_power_of_2(len)' failed.
> Aborted (core dumped)
>
> gdb src/.libs/sox core
>
> Program terminated with signal SIGABRT, Aborted.
>
> #0  0xb7f0b559 in __kernel_vsyscall ()
> (gdb) bt
> #0  0xb7f0b559 in __kernel_vsyscall ()
> #1  0xb7b9e2e7 in ?? () from /lib/i386-linux-gnu/libc.so.6
> #2  0xb7b4d111 in raise () from /lib/i386-linux-gnu/libc.so.6
> #3  0xb7b3626a in abort () from /lib/i386-linux-gnu/libc.so.6
> #4  0xb7b3616c in ?? () from /lib/i386-linux-gnu/libc.so.6
> #5  0xb7b45689 in __assert_fail () from /lib/i386-linux-gnu/libc.so.6
> #6  0xb7e82a73 in update_fft_cache (len=len@entry=0) at effects_i_dsp.c:188
>
> where crash_effect_i_dsp_c_367_heap_buffer_overflow.mp3 is attached to
>
> https://sourceforge.net/p/sox/bugs/319/
>
> and here.
>
> Thanks and keep up the good work

This crash has nothing to do with the multiplication overflow described
in the CVE.  Still it's a bug, so I've fixed it.

-- 
Måns Rullgård


_______________________________________________
SoX-devel mailing list
SoX-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sox-devel
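Added example, not part of the thread and not SoX code: a C sketch of the two separate conditions discussed above, the wrapping multiplication in a `malloc()` size argument that the quoted commit replaces with `calloc()`, and a power-of-two precondition failing for `len == 0` as in the backtrace. All function names and the element count are hypothetical and constructed for illustration, and `is_power_of_2` is a generic predicate, not SoX's `lsx_is_power_of_2`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Byte count as a 32-bit size_t computes it: the product wraps modulo 2^32,
 * so a huge element count can yield a tiny allocation size. */
static uint32_t wrapped_size32(uint32_t n, uint32_t elem_size)
{
    return n * elem_size;
}

/* The check calloc() makes before allocating: 1 if n * elem_size fits in size_t. */
static int size_fits(size_t n, size_t elem_size)
{
    return elem_size == 0 || n <= SIZE_MAX / elem_size;
}

/* Hypothetical helper: n zeroed doubles, or NULL when the byte count overflows. */
static double *alloc_taps(size_t n)
{
    if (!size_fits(n, sizeof(double)))
        return NULL;
    return calloc(n, sizeof(double));
}

/* Generic power-of-two predicate (an assumption, not SoX's macro). Zero is
 * rejected, which is a different failure from the size overflow above. */
static int is_power_of_2(size_t len)
{
    return len != 0 && (len & (len - 1)) == 0;
}

int main(void)
{
    uint32_t n = 0x20000001u; /* constructed element count */

    printf("32-bit malloc size for %u doubles: %u bytes\n",
           (unsigned)n, (unsigned)wrapped_size32(n, 8));
    printf("checked allocation of SIZE_MAX/2 doubles: %s\n",
           alloc_taps(SIZE_MAX / 2) ? "ok" : "refused");
    printf("is_power_of_2(0) = %d\n", is_power_of_2(0));
    return 0;
}
```

A length of zero passes any allocation-size check, so a caller still has to validate it before code that assumes a power of two.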
