#! /bin/sh

# CVE-2017-11359
# The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2
# allows remote attackers to cause a denial of service
# (divide-by-zero error and application crash) via a crafted snd file
# during conversion to a wav file. 
#
# Discovered by qflb.wu
# https://seclists.org/fulldisclosure/2017/Jul/81

# 14.4.2:
# sox WARN formats_i: `sox_14.4.2_divide_by_zero_error_2.snd': file header gives the total number of samples as 1335 but file length indicates the number is in fact 1437
# Floating point exception (core dumped)
# and exits 136

# Debian:
# sox FAIL formats: can't open input file `sox_14.4.2_divide_by_zero_error_2.snd': implausibly large number of channels
# and exits 2

# 42b355:
# sox WARN formats_i: `sox_14.4.2_divide_by_zero_error_2.snd': file header gives the total number of samples as 1335 but file length indicates the number is in fact 1437
# sox FAIL formats: can't open output file `out.wav': Too many channels (4009754624)

rm -f core out.wav

${sox:-sox} sox_14.4.2_divide_by_zero_error_2.snd out.wav
status=$?

rm -f core out.wav

case $status in
0) status=255;;
2) status=0;;
esac

exit $status
