> >> in the CVE. Still it's a bug, so I've fixed it.
Thanks.
> The CVE addresses the possibility of a memory allocation being smaller
> than expected. The result of subsequent out of bounds accesses are
> impossible to predict, which qualifies the bug as a vulnerability.
> After the fix, it aborts without doing any harm.
Would it also make sense to further restrict the -r argument?
Currently, it can be any float (such as 3e-6),
but what use is that in an audio signal?
Would it be sensible to restrict the rate to audio frequencies?
Would there be any loss in requiring them to be integers?
Jan
_______________________________________________
SoX-devel mailing list
SoX-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sox-devel
