#! /bin/sh

# CVE-2017-11358
# The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2
# allows remote attackers to cause a denial of service
# (invalid memory read and application crash) via a crafted hcom file.
# Discovered 30 Jul 2017 by qflb.wu
# https://www.exploit-db.com/exploits/42398 Bug 2.

# 14.4.2
# sox FAIL sox: `sox_14.4.2_invalid_memory_read.hcom' unexpected EOF in HCOM data: Unknown error -1
# and exits 0 (should get SEGV according to CVE)
# Built with -fsanitize=address it exits 1 (ASan aborts on the invalid read)

# 42b355 and Debian:
# sox FAIL formats: can't open input file `sox_14.4.2_invalid_memory_read.hcom': Invalid dictionary
# and exit 2

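# Reproducer for CVE-2017-11358: feed sox a crafted HCOM file and map its
# exit status onto the harness's pass/fail convention.
#
# Exit status of this script:
#   0    sox rejected the file with an error (sox exit 2) -- patched build
#   255  sox exited 0, i.e. it accepted the malformed file -- bug present
#   1    the test fixture itself is missing (harness error, see below)
#   any other sox status (crash signal, ASan abort, command not found)
#   is passed through unchanged so the harness sees the failure.
#
# The binary under test is taken from the `sox` environment variable
# (default: `sox` on PATH).  It is expanded unquoted on purpose so it may
# carry extra words, e.g. sox="valgrind sox".

input=sox_14.4.2_invalid_memory_read.hcom
output=out.wav

# Guard against a missing fixture: sox would then fail with "can't open
# input file", which is presumably the same exit status (2) a patched sox
# returns when it rejects the crafted file, so the test would silently pass
# without exercising anything.  Fail loudly instead.
if [ ! -f "$input" ]; then
  printf 'missing test input: %s\n' "$input" >&2
  exit 1
fi

# Drop any stale core dump so a crash in *this* run is unambiguous.
rm -f core

# shellcheck disable=SC2086  # $sox may intentionally hold several words
${sox:-sox} "$input" "$output"
status=$?

rm -f core "$output"

case $status in
  0) status=255 ;;  # accepted the crafted file: vulnerable behaviour
  2) status=0 ;;    # rejected with "Invalid dictionary": expected when fixed
esac

exit $status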
