#! /bin/sh

# CVE-2023-34432
# A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf
# function at sox/src/formats_i.c:98:16. This flaw can lead to a
# denial of service, code execution, or information disclosure.

# 14.4.2:
# malloc(): corrupted top size
# Aborted (core dumped)

# 42b355:
# sox FAIL formats: can't open input file `poc_file': Invalid dictionary
# and exits 2

# Debian
# sox FAIL formats: can't open input file `poc_file': Implausible dictionary size in HCOM header
# and exits 2

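# A core dump left behind by an earlier run must not be mistaken for this one.
rm -f core

# sox reports an unreadable input with the same exit status (2) that the fixed
# versions use to reject the PoC, so a missing poc_file would pass vacuously.
# Fail loudly instead of silently "passing".
if [ ! -r poc_file ]; then
  printf '%s: poc_file is missing or unreadable\n' "$0" >&2
  exit 1
fi

# $sox may name an alternate binary. It is left unquoted, as in the original,
# presumably so a value holding a wrapper plus arguments still word-splits
# (confirm before quoting it).
# shellcheck disable=SC2086
${sox:-sox} --single-threaded poc_file -t aiff out.aiff
status=$?

# Remove the core dump and the AIFF this run may have written. The output
# file is out.aiff (the -t aiff target above), not out.wav, which sox never
# creates here.
rm -f core out.aiff

# Map sox's exit status onto the test result:
#   0  sox accepted the malformed file -> 255 (the fix must reject it)
#   2  "can't open input file" rejection from the patched versions -> pass
#   anything else (e.g. 134 when the shell reports SIGABRT from the heap
#   corruption in 14.4.2) is passed through unchanged and counts as a failure.
case "$status" in
  0) status=255 ;;
  2) status=0 ;;
esac

exit "$status"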
