#! /bin/sh

# CVE-2019-8356
# An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2
# in fft4g.c is not guarded, such that it can lead to write access
# outside of the statically declared array, aka a stack-based buffer overflow.
#
# https://sourceforge.net/p/sox/bugs/321
# In fft4g.c function bitrv2, there is no check on the value passed to
# the argument "n". If the value of "n" is big enough, "m + l" ends up
# with a value greater than 256. However, the buffer "ip" is statically
# allocated with a size of 256, hence this is a stack-buffer-overflow.
# Attached is a sample of the input file.
#
# Discovered 2019-02-07 by Hendra Gunadi 

# 14.4.2:
# Segmentation fault (core dumped)
# and exits 139

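# Debian and 42b355:
# Say nothing and exit 0 after creating a file of just over an hour of noise.
# No crash, but the malformed input is still accepted silently, so this
# test counts it as a failure (exit 0 from sox is turned into 255 below).
# The test passes only when sox exits with status 2.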

# Regression check for CVE-2019-8356: feed sox the crafted MP3 sample and
# turn its exit status into a pass/fail result for the test harness.
#
# Result mapping:
#   sox exits 2   -> this script exits 0   (input rejected: pass)
#   sox exits 0   -> this script exits 255 (malformed input accepted
#                                           silently: fail)
#   anything else -> passed through unchanged, e.g. 139 for the
#                    segmentation fault seen on 14.4.2 (fail)

# Remove artefacts of a run: a core dump left by a crashing sox and the
# output file it may have written.
cleanup() {
  rm -f core out.aiff
}

# Start clean so that leftovers from an earlier run cannot be mistaken for
# the result of this one.
cleanup

# $sox selects the binary under test and defaults to the sox found on PATH.
# The expansion is unquoted, so a multi-word value is word-split
# (presumably so a wrapper command can be put in front -- confirm).
# --single-threaded keeps the run on a single thread.
${sox:-sox} --single-threaded fft4g_721_stack_buffer_overflow.mp3 -t aiff out.aiff channels 1 rate 16k fade 3 norm
rc=$?

# Clean up before reporting, whatever sox did.
cleanup

if [ "$rc" = 0 ]; then
  # Silent success on a malformed file is not a fix.
  exit 255
elif [ "$rc" = 2 ]; then
  # sox reports an error during file processing with status 2; that is the
  # expected, safe outcome here.
  exit 0
fi

# Crash or any other unexpected status: report it as is.
exit "$rc"
