#! /bin/sh

# CVE-2017-15642
# 
# https://sourceforge.net/p/sox/bugs/297
# I discovered that SoX version 14.4.2 on Linux is vulnerable to
# a heap use-after-free condition when after parsing a crafted AIFF file,
# sox_append_comments() in formats.c is called after "comment" has been freed
# in lsx_aiffstartread() line 280 in aiff.c. This invalid read results in
# a crash and could lead to information disclosure or code execution.
#
# Discovered 2017-08-16 by Steven Patterson of Shogun Lab, www.shogunlab.com

# 14.4.2:
# fails and exits 1 only when built with -fsanitize=address;
# otherwise behaves as described for Debian below

# Debian and 42b355:
# sox WARN aiff: AIFF header has invalid blocksize.  Ignoring but expect a premature EOF
# sox FAIL formats: can't open input file `poc': unexpected EOF while skipping AIFF offset
# and sox exits 2

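# Regression check for CVE-2017-15642: run sox on the crafted AIFF file
# "poc" and translate sox's exit status into a test verdict.
#
# Exit status of this script:
#   0     sox rejected the file with status 2 (the expected outcome)
#   255   sox exited 0, i.e. it accepted the crafted file
#   99    the "poc" fixture is missing or unreadable, so nothing was tested
#         (99 is just a distinct non-zero value chosen for this guard)
#   other sox's own status, passed through unchanged as a failure
#         (e.g. 1 from an -fsanitize=address build of 14.4.2, per the
#         notes above)
#
# Limitation, per the notes above: a 14.4.2 build without
# -fsanitize=address behaves like the Debian build (exit 2), so this test
# only catches the use-after-free when sox is built with
# -fsanitize=address.

# sox exits 2 whenever it cannot open its input, including when the file
# simply does not exist. Without this guard a missing fixture would be
# mapped to status 0 below and reported as a pass.
if [ ! -r poc ]; then
  printf '%s\n' "poc: crafted AIFF input is missing or unreadable" >&2
  exit 99
fi

# NOTE(review): ${sox:-sox} is expanded unquoted, so a value containing
# spaces is split into a command plus arguments. Presumably intentional
# (e.g. running sox under a wrapper) -- confirm before quoting it.
${sox:-sox} poc poc.wav
status=$?

case "$status" in
  # Clean success means the crafted file was accepted: report failure.
  0) status=255 ;;
  # Status 2 is the graceful "can't open input file" rejection: pass.
  2) status=0 ;;
  # Anything else (sanitizer abort, crash, usage error) stays a failure.
esac

exit "$status"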
