sox/CVE-2023-32627.patch

From: =?utf-8?q?Bastien_Roucari=C3=A8s?= <rouca@debian.org>
Date: Sun, 13 Aug 2023 14:14:09 +0000
Subject: CVE-2023-32627 Filter null sampling rate in VOC coder

Avoid a divide by zero and out of bound read by rejecting null sampling rate in VOC file

bug: https://sourceforge.net/p/sox/bugs/369/
bug-redhat: https://bugzilla.redhat.com/show_bug.cgi?id=2212282
bug-debian: https://bugs.debian.org/1041112
bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2023-32627
---
 src/voc.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/voc.c b/src/voc.c
index f44933d..cad32fa 100644
--- a/src/voc.c
+++ b/src/voc.c
@@ -351,6 +351,11 @@ static size_t read_samples(sox_format_t * ft, sox_sample_t * buf,
             v->block_remaining = 0;
             return done;
           }
+          if(uc == 0) {
+            lsx_fail_errno(ft, EINVAL, "invalid rate value");
+            v->block_remaining = 0;
+            return done;
+          }
           *buf = SOX_UNSIGNED_8BIT_TO_SAMPLE(uc,);
           lsx_adpcm_init(&v->adpcm, 6 - v->size, SOX_SAMPLE_TO_SIGNED_16BIT(*buf, ft->clips));
           ++buf;