From: Måns Rullgård
To: Hans Petter Selasky
Cc: Eric Wong, sox-devel@lists.sourceforge.net
Date: Wed, 08 Nov 2017 11:33:44 +0000
Subject: Re: [PATCH v2] adpcm: fix stack overflow (CVE-2017-15372)

Hans Petter Selasky writes:

> On 11/08/17 12:07, Måns Rullgård wrote:
>> The WAV container is limited to 64k channels. We could of course
>> enforce a lower limit.
>
> Hi,
>
> You should not allow that many channels. Make sure the value is >= 1, to
> avoid division by zero

We already do that.

> and <= 512 to avoid overflow.

That's a pretty arbitrary limit.

> During my time as a sound technician, it is very rare that the number
> of channels goes beyond 64. It has practical implications, that the data
> rate goes into the roof and USB audio among others is not possible.

During my time working on AV software, there's no end to the crazy
things I've seen people do. Someone might have a good reason to store a
silly number of channels. Not all audio files are intended to be sent
to a playback device.

-- 
Måns Rullgård
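
The checks discussed in this message (reject zero channels, avoid overflow without an arbitrary cap) can be met by sizing per-channel state from the header value. The C below is an added example, not SoX code and not the patch under discussion; `adpcm_ctx`, `chan_state`, `adpcm_ctx_init` and `make_fmt` are hypothetical names, and the offsets are those of the standard WAV `fmt ` chunk.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_BYTES 7u /* MS ADPCM block header bytes per channel */

struct chan_state { int16_t s1, s2; int step; }; /* hypothetical decoder state */

struct adpcm_ctx {
    uint16_t channels, block_align;
    uint32_t samples_per_block;
    struct chan_state *state; /* sized from the file, not a fixed-size array */
};

static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* fmt points at the body of the "fmt " chunk. Returns 0, or <0 on rejection. */
int adpcm_ctx_init(struct adpcm_ctx *ctx, const uint8_t *fmt, size_t len)
{
    memset(ctx, 0, sizeof *ctx);
    if (len < 16) return -1;                 /* truncated chunk */
    uint16_t ch = rd16le(fmt + 2);           /* nChannels: 16 bits, at most 65535 */
    uint16_t align = rd16le(fmt + 12);       /* nBlockAlign */
    if (ch == 0) return -2;                  /* would divide by zero below */
    if ((uint32_t)ch * HDR_BYTES > align) return -3; /* block cannot hold the headers */
    ctx->state = calloc(ch, sizeof *ctx->state);     /* one entry per channel */
    if (ctx->state == NULL) return -4;
    ctx->channels = ch;
    ctx->block_align = align;
    /* two samples per channel in the header, then two 4-bit samples per byte */
    ctx->samples_per_block = 2u * (align - HDR_BYTES * ch) / ch + 2u;
    return 0;
}

void adpcm_ctx_free(struct adpcm_ctx *ctx) { free(ctx->state); ctx->state = NULL; }

/* Constructed sample input: a 16-byte fmt body with only the fields used above set. */
void make_fmt(uint8_t out[16], uint16_t ch, uint16_t align)
{
    memset(out, 0, 16);
    out[0] = 0x02;                           /* wFormatTag 0x0002 = MS ADPCM */
    out[2] = (uint8_t)(ch & 0xff);     out[3] = (uint8_t)(ch >> 8);
    out[12] = (uint8_t)(align & 0xff); out[13] = (uint8_t)(align >> 8);
}
```

With this layout a file declaring 1000 channels is accepted when its block size can hold 1000 headers and rejected otherwise, so the bound comes from the file's own consistency rather than from a fixed maximum.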