oss-sec mailing list archives
Re: Re: sox: patches for old vulnerabilities
From: Steffen Nurpmeso <steffen () sdaoden eu>
Date: Thu, 30 Mar 2023 22:43:00 +0200
Steffen Nurpmeso wrote in <20230314201652.RlbWr%steffen () sdaoden eu>: ... ||Helmut Grohne wrote in || <20230314110138.GA1192267 () subdivi de>: |||On Fri, Feb 03, 2023 at 09:44:47PM +0100, Helmut Grohne wrote: |||> * CVE-2021-33844 ||| |||The original fix for this issue would cause a regression. After applying |||it, sox would be unable to decode WAV GSM files. This has been reported ... Today i got a nice email from Nam Nguyen who pointed out that my last patch to this topic (also) introduced a bug. So i downloaded libGSM and yes he was right. So on top of them all a partial undo of the last is necessary; i will attach the full diff, too. Thank you Nam Nguyen! Ciao already here, wav_read_fmt(): fix previous! (Nam Nguyen (namn AT berkeley DOT edu)) --- src/wav.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/wav.c b/src/wav.c index 380796c0f0..b93ee37667 100644 --- a/src/wav.c +++ b/src/wav.c @@ -654,11 +654,7 @@ static int wav_read_fmt(sox_format_t *ft, uint32_t len) if (err) return SOX_EOF; - if (wav->bitsPerSample == 0 -#ifdef HAVE_LIBGSM - && wav->formatTag != WAVE_FORMAT_GSM610 -#endif - ){ + if (wav->bitsPerSample == 0){ lsx_fail_errno(ft, SOX_EHDR, "WAV file bits per sample is zero"); return SOX_EOF; } --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
Attachment:
sox-git.patch
Description:
Current thread:
- sox: patches for old vulnerabilities Helmut Grohne (Feb 03)
- Re: sox: patches for old vulnerabilities Steffen Nurpmeso (Feb 04)
- Re: sox: patches for old vulnerabilities Helmut Grohne (Mar 14)
- Re: Re: sox: patches for old vulnerabilities Steffen Nurpmeso (Mar 14)
- Re: Re: sox: patches for old vulnerabilities Steffen Nurpmeso (Mar 14)
- Re: Re: sox: patches for old vulnerabilities Steffen Nurpmeso (Mar 30)
- Re: Re: sox: patches for old vulnerabilities Nam Nguyen (Mar 31)
- Re: Re: sox: patches for old vulnerabilities Steffen Nurpmeso (Mar 31)
- Re: Re: sox: patches for old vulnerabilities Steffen Nurpmeso (Mar 14)