#! /bin/sh

# CVE-2023-26590
# A floating point exception vulnerability was found in sox, in the
# lsx_aiffstartwrite function at sox/src/aiff.c:622:58.
# This flaw can lead to a denial of service.

# 14.4.2 and 42b355:
# sox FAIL sox: Input files must have the same sample-rate
# and exits 1

# Debian:
# sox FAIL formats: can't open input file `poc_file': implausibly large number of channels
# and exits 2

rm -f core out.aiff

${sox:-sox} --single-threaded poc_file -t aiff /dev/null out.aiff
status=$?

rm -f core out.aiff

case "$status" in
0) status=255;;
2) status=0;;
esac

exit $status
