Menu
▾
▴
#346 sox noisered dies with segv
% sox sound-old.flac -n noiseprof sound.nprof
% sox -V -V --temp /var/tmp sound-old.flac sound-new.flac \
remix - \
noisered sound.nprof \
highpass 100 \
norm \
compand 0.05,0.2 6:-54,-90,-36,-36,-24,-24,0,-12 0 -90 0.1 \
vad -T 0.6 -p 0.2 -t 5 \
fade 0.1 \
reverse \
vad -T 0.6 -p 0.2 -t 5 \
fade 0.1 \
reverse \
norm -0.5
sox: SoX v14.4.2
time: Feb 9 2020 10:36:08
issue: Debian
uname: Linux zenbook 5.10.0-3-amd64 #1 SMP Debian 5.10.13-1 (2021-02-06) x86_64
compiler: gcc 9.2.1 20200203
arch: 1288 48 88 L OMP
sox DBUG formats: opening format plugin `lsx_alsa_format_fn': library 0x5623a3768c40, entry point 0x7fa10dc6b670
sox DBUG formats: opening format plugin `lsx_amr_nb_format_fn': library 0x5623a3769ec0, entry point 0x7fa10dc649c0
sox DBUG formats: opening format plugin `lsx_amr_wb_format_fn': library 0x5623a376ac50, entry point 0x7fa10dc5f6b0
sox DBUG formats: opening format plugin `lsx_caf_format_fn': library 0x5623a376b9d0, entry point 0x7fa10dc59290
sox DBUG formats: opening format plugin `lsx_fap_format_fn': library 0x5623a376e750, entry point 0x7fa10dc52290
sox DBUG formats: opening format plugin `lsx_flac_format_fn': library 0x5623a376ef60, entry point 0x7fa10d799220
sox DBUG formats: opening format plugin `lsx_gsm_format_fn': library 0x5623a376f7a0, entry point 0x7fa10d7926e0
sox DBUG formats: opening format plugin `lsx_lpc10_format_fn': library 0x5623a376ff20, entry point 0x7fa10d78d640
sox DBUG formats: opening format plugin `lsx_mat4_format_fn': library 0x5623a3770680, entry point 0x7fa10d787290
sox DBUG formats: opening format plugin `lsx_mat5_format_fn': library 0x5623a37713c0, entry point 0x7fa10d780290
sox DBUG formats: opening format plugin `lsx_mp3_format_fn': library 0x5623a3771bd0, entry point 0x7fa10d4390c0
sox DBUG formats: opening format plugin `lsx_paf_format_fn': library 0x5623a3773be0, entry point 0x7fa10d42e290
sox DBUG formats: opening format plugin `lsx_pulseaudio_format_fn': library 0x5623a37743f0, entry point 0x7fa10d4283e0
sox DBUG formats: opening format plugin `lsx_pvf_format_fn': library 0x5623a3780600, entry point 0x7fa10d333290
sox DBUG formats: opening format plugin `lsx_sd2_format_fn': library 0x5623a3780fa0, entry point 0x7fa10d32c290
sox DBUG formats: opening format plugin `lsx_sndfile_format_fn': library 0x5623a37817b0, entry point 0x7fa10d3263d0
sox DBUG formats: opening format plugin `lsx_vorbis_format_fn': library 0x5623a37820c0, entry point 0x7fa10d31fe40
sox DBUG formats: opening format plugin `lsx_w64_format_fn': library 0x5623a3782e20, entry point 0x7fa10ca7b290
sox DBUG formats: opening format plugin `lsx_wavpack_format_fn': library 0x5623a3783630, entry point 0x7fa10ca75a30
sox DBUG formats: opening format plugin `lsx_xi_format_fn': library 0x5623a37843c0, entry point 0x7fa10ca6f290
sox INFO formats: detected file format type `flac'
sox DBUG flac: API version 11
Input File : 'sound-old.flac'
Channels : 2
Sample Rate : 48000
Precision : 24-bit
Duration : 03:35:58.79 = 622022088 samples ~ 971910 CDDA sectors
File Size : 1.19G
Bit Rate : 735k
Sample Encoding: 24-bit FLAC
Endian Type : little
Reverse Nibbles: no
Reverse Bits : no
Comment : 'encoder=Lavf58.45.100'
sox INFO sox: Overwriting `sound-new.flac'
sox INFO flac: encoding at 24 bits per sample
Output File : 'sound-new.flac'
Channels : 1
Sample Rate : 48000
Precision : 24-bit
Sample Encoding: 24-bit FLAC
Endian Type : little
Reverse Nibbles: no
Reverse Bits : no
Comment : 'encoder=Lavf58.45.100'
sox DBUG remix: 0:
sox DBUG remix: 0 0.5
sox DBUG remix: 1 0.5
% coredumpctl --debugger =gdb-bt-full debug
PID: 2379027 (sox)
UID: 1000 (joerg)
GID: 1000 (joerg)
Signal: 11 (SEGV)
Timestamp: Sun 2021-02-14 22:46:20 CET (54s ago)
Command Line: sox -V -V --temp /var/tmp sound-old.flac sound-new.flac remix - noisered sound.nprof highpass 100 norm compand 0.05,0.2 6:-54,-90,-36,-36,-24,-24,0,-12 0 -90 0.1 vad -T 0.6 -p 0.2 -t 5 fade 0.1 reverse vad -T 0.6 -p 0.2 -t 5 fade 0.1 reverse norm -0.5
Executable: /usr/bin/sox
Control Group: /user.slice/user-1000.slice/user@1000.service/app.slice/awesome.service
Unit: user@1000.service
User Unit: awesome.service
Slice: user-1000.slice
Owner UID: 1000 (joerg)
Boot ID: 320f00adf92648e48e8a2fe9e5498148
Machine ID: 523cb54753234ed08c13ec497d0d3b64
Hostname: zenbook
Storage: /var/lib/systemd/coredump/core.sox.1000.320f00adf92648e48e8a2fe9e5498148.2379027.1613339180000000.zst
Message: Process 2379027 (sox) of user 1000 dumped core.
Stack trace of thread 2379027:
#0 0x00007fa10dbf5d8c sox_noisered_start (libsox.so.3 + 0x31d8c)
#1 0x00007fa10dbe6ae6 sox_add_effect (libsox.so.3 + 0x22ae6)
#2 0x00005623a24eda59 add_effect (sox + 0x8a59)
#3 0x00005623a24ea72f add_effects (sox + 0x572f)
#4 0x00007fa10d8bfd0a __libc_start_main (libc.so.6 + 0x26d0a)
#5 0x00005623a24ec35a _start (sox + 0x735a)
[New LWP 2379027]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `sox -V -V --temp /var/tmp sound-old.flac sound-new.flac remix - noisered sound.'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fa10dbf5d8c in sox_noisered_start (effp=effp@entry=0x5623a378a820) at noisered.c:114
114 noisered.c: Datei oder Verzeichnis nicht gefunden.
#0 0x00007fa10dbf5d8c in sox_noisered_start (effp=effp@entry=0x5623a378a820) at noisered.c:114
i1_ul = 1
i1 = 1
f1 = -3.04930711
data = 0x5623a3768960
fchannels = 1
channels = <optimized out>
i = <optimized out>
ifp = 0x5623a37e8fd0
#1 0x00007fa10dbe6ae6 in sox_add_effect (chain=chain@entry=0x5623a37e8d20, effp=effp@entry=0x5623a378a820, in=in@entry=0x7fff145517b0, out=out@entry=0x5623a378b828) at effects.c:157
ret = <optimized out>
start = 0x7fa10dbf5c00 <sox_noisered_start>
f = <optimized out>
eff0 = {global_info = 0x5623a37e8d30, in_signal = {rate = 48000, channels = 1, precision = 32, length = 622022088, mult = 0x0}, out_signal = {rate = 48000, channels = 1, precision = 32, length = 0, mult = 0x0}, in_encoding = 0x5623a24f85a0 <combiner_encoding>, out_encoding = 0x5623a378b848, handler = {name = 0x7fa10dc307fe "noisered", usage = 0x7fa10dc30807 "[profile-file [amount]]", flags = 24, getopts = 0x7fa10dbf5ed0 <sox_noisered_getopts>, start = 0x7fa10dbf5c00 <sox_noisered_start>, flow = 0x7fa10dbf68b0 <sox_noisered_flow>, drain = 0x7fa10dbf6830 <sox_noisered_drain>, stop = 0x7fa10dbf5b80 <sox_noisered_stop>, kill = 0x7fa10dbe6370 <default_function>, priv_size = 32}, clips = 0, flows = 1, flow = 0, priv = 0x5623a3768960, obuf = 0x0, obeg = 0, oend = 0, imin = 0}
#2 0x00005623a24eda59 in add_effect (chain=chain@entry=0x5623a37e8d20, effp=0x5623a378a820, in=in@entry=0x7fff145517b0, out=0x5623a378b828, guard=guard@entry=0x7fff14551798) at sox.c:708
no_guard = -1
#3 0x00005623a24ea72f in add_effects (chain=<optimized out>) at sox.c:1073
signal = {rate = 48000, channels = 1, precision = 32, length = 622022088, mult = 0x0}
guard = -1
i = 1
effp = <optimized out>
rate_arg = 0x0
signal = {rate = <optimized out>, channels = <optimized out>, precision = <optimized out>, length = <optimized out>, mult = <optimized out>}
guard = <optimized out>
i = <optimized out>
effp = <optimized out>
rate_arg = <optimized out>
args = {<optimized out>, <optimized out>}
no_guard = <optimized out>
format = <optimized out>
effp = <optimized out>
#4 process () at sox.c:1759
flow_status = <optimized out>
flow_status = <optimized out>
modified_termios = {c_iflag = <optimized out>, c_oflag = <optimized out>, c_cflag = <optimized out>, c_lflag = <optimized out>, c_line = <optimized out>, c_cc = {<optimized out> <repeats 32 times>}, c_ispeed = <optimized out>, c_ospeed = <optimized out>}
now = {tv_sec = <optimized out>, tv_usec = <optimized out>}
d = <optimized out>
#5 main (argc=<optimized out>, argv=<optimized out>) at sox.c:3008
i = <optimized out>
mybase = "sox\000\000"
--- END ---
This is CVE-2021-33844
Absent in 14.4.2, Debian and sox_ng
Present in 42b355 and sox-sf-net master