SoX - Sound eXchange / Bugs / #370 FPE in SoX 14.4.3git (src/aiff.c:622:58 in lsx

FPE in SoX 14.4.3git (src/aiff.c:622:58 in lsx_aiffstartwrite)

#370 FPE in SoX 14.4.3git (src/aiff.c:622:58 in lsx_aiffstartwrite)

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2025-02-07

Created: 2023-05-05

Creator: babybus

Private: No

We found a FPE in SoX 14.4.3git（src/aiff.c:622:58 in lsx_aiffstartwrite).

Command Input

sox --single-threaded poc_file -t aiff /dev/null

poc_file is attached.

Sanitizer Dump

AddressSanitizer:DEADLYSIGNAL
=================================================================
==1135913==ERROR: AddressSanitizer: FPE on unknown address 0x00000060d09a (pc 0x00000060d09a bp 0x7fff8f026c50 sp 0x7fff8f026c00 T0)
    #0 0x60d09a in lsx_aiffstartwrite /root/target/Invariants/sox/src/aiff.c:622:58
    #1 0x4ec460 in open_write /root/target/Invariants/sox/src/formats.c:967:33
    #2 0x4eb22e in sox_open_write /root/target/Invariants/sox/src/formats.c:1003:10
    #3 0x4df3ec in open_output_file /root/target/Invariants/sox/src/sox.c:1501:15
    #4 0x4d04e3 in process /root/target/Invariants/sox/src/sox.c:1713:3
    #5 0x4cb542 in main /root/target/Invariants/sox/src/sox.c:2988:11
    #6 0x7f4b43dd0082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #7 0x41d70d in _start (/root/target/Invariants/sox/src/sox+0x41d70d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE /root/target/Invariants/sox/src/aiff.c:622:58 in lsx_aiffstartwrite
==1135913==ABORTING

Environment

OS: Ubuntu 20.04.1
clang:12.0.0
SoX:14.4.3git
we built sox with AddressSanitizer (ASAN) .
make CC=clang CXX=clang++ CFLAGS="-fsanitize=address -g3 -O0" CXXFLAGS="-fsanitize=address -g3 -O0"

1 Attachments

poc_file

Discussion

roucaries bastien - 2023-08-13

Fixed by fix of CVE-2022-31650 https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/stretch/debian/patches/CVE-2022-31650.patch

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

roucaries bastien - 2023-08-13

This is CVE-2023-26590

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Martin Guy - 2025-02-07

I can't reproduce this on Debian bookworm, building with the same compiler and flags,
with your command line or with

./configure CC=clang CFLAGS="-fsanitizer=address -O0 -g3"

and with or without the address sanitizer.

I'm assuming 14.4.3git is commit 42b355 on sox.sf.net, the one some distros (gentoo and a few others) picked up.

With Debian bookworm's SoX, sox.sf.net 42b355 or current git HEAD I get:

sox FAIL formats: can't open input file `poc_file': implausibly large number of channels

or, with 14.4.2 or sox_ng-14.5.0:

sox FAIL sox: Input files must have the same sample-rate

If you can help reproduce the defect please get in touch

Last edit: Martin Guy 2025-02-07
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

FPE in SoX 14.4.3git (src/aiff.c:622:58 in lsx_aiffstartwrite)

Searches

Help

#370 FPE in SoX 14.4.3git (src/aiff.c:622:58 in lsx_aiffstartwrite)

Discussion