#! /bin/sh

# CVE-2019-1010004
# SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read.
# The impact is: Denial of Service. The component is: read_samples function
# at xa.c:219.
# The attack vector is: Victim must open specially crafted .xa file.
# NOTE: this may overlap CVE-2017-18189.
#
# https://sourceforge.net/p/sox/bugs/299
# I think I found a bug in read_samples() in xa.c in SoX 14.4.2 which
# causes a segfault by invalid memory read via crafted Maxis (.xa) file.
#
# Discovered 2018-01-03 by xct

# 14.4.2;
# Segmentation fault (core dumped)

# Debian and 42b355:
# sox FAIL formats: can't open input file `poc.xa': invalid channel count 0
# and exit 2

rm -f core

make txt2xa
./txt2xa > poc.xa

${sox:-sox} poc.xa poc.wav
status=$?

rm -f core txt2xa poc.wav

case $status in
0) status=255 ;;
2) status=0 ;;
*) echo "Unexpected exit status $status" 1>&2 ;;
esac

exit $status
