div zero crash in wav.c

Brought to you by: cbagwell, mansr, robs, rrt, uklauer

#349 div zero crash in wav.c

Status: open

Owner: nobody

Labels: bug (6)

Priority: 5

Updated: 2025-03-02

Created: 2021-04-20

Creator: treebacker

Private: No

There is a div zero bug in wav.c:967, functon startread.
With crafted wav file, it crashes.
Trigger command: ./src/.libs/sox bug1 -n noiseprof /dev/null

In AddressSanitizer:

In gdb:

The crafted file is attached.

1 Attachments

bug1

Discussion

Cannot reproduce with current git:

$ play Downloads/sox-zero.wav 
play FAIL formats: bad input format for file `Downloads/sox-zero.wav': data encoding or sample size was not specified

$ sox ~/Downloads/sox-zero.wav -n noiseprof /dev/null
sox FAIL formats: bad input format for file `/Users/hans/Downloads/sox-zero.wav': data encoding or sample size was not specified

What is the version where you are seeing this?

Martin Guy - 2025-03-02

This is CVE-2021-33844
Absent in 14.4.2, Debian and sox_ng.
Present in 42b355 and sox.sf.net master

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

div zero crash in wav.c

Searches

Help

#349 div zero crash in wav.c

Discussion