Re: Bug#881121: sox: null pointer dereference while running sox

sox-devel@lists.sourceforge.net unofficial mirror
 help / color / mirror / code / Atom feed

From: Eric Wong <normalperson@yhbt.net>
To: Joonun Jang <joonun.jang@gmail.com>, 881121@bugs.debian.org
Cc: Mans Rullgard <mans@mansr.com>, sox-devel@lists.sourceforge.net
Subject: Re: Bug#881121: sox: null pointer dereference while running sox
Date: Sat, 18 Nov 2017 21:54:50 +0000	[thread overview]
Message-ID: <20171118215450.GA14738@starla> (raw)
In-Reply-To: <151010671220.5921.12524514333112429556.reportbug@yuweol>

Joonun Jang <joonun.jang@gmail.com> wrote:
> Package: sox
> Version: 14.4.1-5+b2
> Severity: normal
> Tags: security
> 
> null pointer dereference while running sox with "poc.aiff output.aiff speed 1.027" option
> 
> Running 'sox poc.aiff output.aiff speed 1.027' with the attached file raises null pointer dereference
> which may allow a remote attack to cause a denial-of-service attack
> I expected the program to terminate without segfault, but the program crashes as follow

Thanks for the report, Mans fixed this the other day on the
sox-devel list:

https://public-inbox.org/sox-devel/20171109114554.16297-1-mans@mansr.com/raw

Also pushed as commit c9a48c055398f171128573bbeab4e4de4c761058
in my unofficial "pu" (potential updates) branch @ https://bogomips.org/sox.git

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
SoX-devel mailing list
SoX-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sox-devel

          parent reply	other threads:[~2017-11-18 21:55 UTC|newest]

Thread overview: expand[flat|nested]  mbox.gz  Atom feed
 [parent not found: <151010671220.5921.12524514333112429556.reportbug@yuweol>]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://lists.sourceforge.net/lists/listinfo/sox-devel

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20171118215450.GA14738@starla \
    --to=sox-devel@lists.sourceforge.net \
    --cc=881121@bugs.debian.org \
    --cc=joonun.jang@gmail.com \
    --cc=mans@mansr.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://80x24.org/mirrors/sox.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).