Re: Bug#881121: sox: null pointer dereference while running sox

Re: Bug#881121: sox: null pointer dereference while running sox

[Eric Wong]

Joonun Jang <joonun.jang@gmail.com> wrote:
> Package: sox
> Version: 14.4.1-5+b2
> Severity: normal
> Tags: security
> 
> null pointer dereference while running sox with "poc.aiff output.aiff speed 1.027" option
> 
> Running 'sox poc.aiff output.aiff speed 1.027' with the attached file raises null pointer dereference
> which may allow a remote attack to cause a denial-of-service attack
> I expected the program to terminate without segfault, but the program crashes as follow

Thanks for the report, Mans fixed this the other day on the
sox-devel list:

https://public-inbox.org/sox-devel/20171109114554.16297-1-mans@mansr.com/raw

Also pushed as commit c9a48c055398f171128573bbeab4e4de4c761058
in my unofficial "pu" (potential updates) branch @ https://bogomips.org/sox.git

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
SoX-devel mailing list
SoX-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sox-devel