In fft4g.c function bitrv2, there is no check on the value passed to the argument "n". If the value of "n" is big enough, it results in "m + l" having a value more than 256. However, the buffer "ip" is statically allocated to be 256, hence it will be a stack-buffer-overflow. Attached is a sample of the input file. The command to trigger the bug is --single-threaded <file> -t aiff /dev/null channels 1 rate 16k fade 3 norm. Some information about the binary: 32 bit, limited to 800MB memory, under Linux Ubuntu 16.04, compiled with libmad only.
Fixed by sox.sf.net commit b7883ae
https://codeberg.org/sox_ng/sox_ng/issues/18
Last edit: Martin Guy 2025-07-30
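An added example, not sox's code and not part of the report above: a C model of how the bit-reversal work table grows with the transform length n, following the loop shape of Takuya Ooura's public-domain fft4g bitrv2(), together with the length check the report says is missing. The loop structure, the function names and therefore the exact n at which a 256-entry table is exceeded are assumptions; sox's own source may differ.

```c
#include <stdio.h>

/* Fixed work-area size the report describes for the "ip" table. */
#define IP_CAPACITY 256
static int g_ip[IP_CAPACITY];

/* Entries the bit-reversal table for transform length n occupies, following
 * the loop shape of Ooura's fft4g bitrv2(): ip[0] = 0, then while
 * (m << 3) < l each pass writes ip[m..2m-1] and doubles m. Reconstructed for
 * illustration; sox's exact code, and thus the exact threshold, may differ. */
static int bitrev_table_entries(int n)
{
    int l = n, m = 1;
    while ((m << 3) < l) {
        l >>= 1;
        m <<= 1;
    }
    return m;   /* highest index written is m - 1 */
}

/* Hardened table build: reject a length whose table would not fit in cap
 * entries instead of writing past the end of ip. Returns 0 on success,
 * -1 if n is rejected (ip is untouched in that case). */
static int build_bitrev_table(int n, int *ip, int cap)
{
    int j, l = n, m = 1;
    if (n < 1 || (n & (n - 1)) != 0 || bitrev_table_entries(n) > cap)
        return -1;   /* the bound check the report says bitrv2 lacks */
    ip[0] = 0;
    while ((m << 3) < l) {
        l >>= 1;
        for (j = 0; j < m; j++)
            ip[m + j] = ip[j] + l;
        m <<= 1;
    }
    return 0;
}

int main(void)
{
    int lengths[] = { 1 << 10, 1 << 19, 1 << 20 };   /* constructed inputs */
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++)
        printf("n=%d needs %d entries: %s\n", lengths[i],
               bitrev_table_entries(lengths[i]),
               build_bitrev_table(lengths[i], g_ip, IP_CAPACITY) == 0
                   ? "ok" : "rejected");
    return 0;
}
```

With this model a 256-entry table is filled exactly at n = 2^19 and overrun at n = 2^20, which is why the caller must bound n before handing it to the table builder.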