sox/CVE-2017-11359.patch

From 8b590b3a52f4ccc4eea3f41b4a067c38b3565b60 Mon Sep 17 00:00:00 2001
From: Mans Rullgard <mans@mansr.com>
Date: Sun, 5 Nov 2017 17:02:11 +0000
Subject: [PATCH] wav: fix crash writing header when channel count >64k
 (CVE-2017-11359)

---
 src/wav.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/wav.c b/src/wav.c
index 3eaebfa7..fad334cf 100644
--- a/src/wav.c
+++ b/src/wav.c
@@ -1379,6 +1379,12 @@ static int wavwritehdr(sox_format_t * ft, int second_header)
     long blocksWritten = 0;
     sox_bool isExtensible = sox_false;    /* WAVE_FORMAT_EXTENSIBLE? */
 
+    if (ft->signal.channels > UINT16_MAX) {
+        lsx_fail_errno(ft, SOX_EOF, "Too many channels (%u)",
+                       ft->signal.channels);
+        return SOX_EOF;
+    }
+
     dwSamplesPerSecond = ft->signal.rate;
     wChannels = ft->signal.channels;
     wBitsPerSample = ft->encoding.bits_per_sample;