| From 7405bcaacb1ded8c595cb751d407cf738cb26571 Mon Sep 17 00:00:00 2001 |
| From: Mans Rullgard <mans@mansr.com> |
| Date: Sun, 5 Nov 2017 16:29:28 +0000 |
| Subject: [PATCH] wav: fix crash if channel count is zero (CVE-2017-11332) |
| |
| --- |
| src/wav.c | 5 +++++ |
| 1 file changed, 5 insertions(+) |
| |
| diff --git a/src/wav.c b/src/wav.c |
| index 3e80e692..3eaebfa7 100644 |
| --- a/src/wav.c |
| +++ b/src/wav.c |
| @@ -712,6 +712,11 @@ static int startread(sox_format_t * ft) |
| else |
| lsx_report("User options overriding channels read in .wav header"); |
| |
| + if (ft->signal.channels == 0) { |
| + lsx_fail_errno(ft, SOX_EHDR, "Channel count is zero"); |
| + return SOX_EOF; |
| + } |
| + |
| if (ft->signal.rate == 0 || ft->signal.rate == dwSamplesPerSecond) |
| ft->signal.rate = dwSamplesPerSecond; |
| else |