#! /bin/sh

# CVE-2021-23159
# A vulnerability was found in SoX, where a heap-buffer-overflow occurs
# in function lsx_read_w_buf() in formats_i.c file. The vulnerability is
# exploitable with a crafted file, that could cause an application to crash.

# 14.4.2:
# malloc(): corrupted top size
# Aborted (core dumped)

# Debian
# sox FAIL formats: can't open input file `bug4': Implausible dictionary size in HCOM header
# and exits 2

# 42b355
# malloc(): corrupted top size
# Aborted (core dumped)

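# Regression check: run sox on the crafted input "bug4" and translate its
# exit status into a pass/fail result for whatever invokes this script.
#
#   sox exits 2  -> exit 0    input was rejected, the outcome the header
#                             comment records for the Debian build
#   sox exits 0  -> exit 255  crafted input was converted without complaint
#   anything else is passed through unchanged, so a crash (which the shell
#   reports as a status above 128) still counts as a failure.

# The rejection recorded above is reported through sox's generic
# "can't open input file" failure (exit 2). A missing or unreadable fixture
# takes the same path, so without this guard the test would pass without
# the HCOM reader ever seeing the crafted data.
if [ ! -r bug4 ]; then
  printf '%s\n' "$0: fixture 'bug4' is missing or unreadable; test not run" >&2
  # Any non-zero value fails the test; 99 is distinct from the 0 and 2
  # statuses that are remapped below.
  exit 99
fi

# Remove leftovers from an earlier run: a core file from a crash and the
# output file sox would have written.
rm -f core out.wav

# $sox may name an alternative binary; it is left unquoted so that a value
# carrying extra words is split into command and arguments.
# NOTE(review): presumably intentional (e.g. to run under a wrapper) - confirm.
# shellcheck disable=SC2086
${sox:-sox} bug4 out.wav
status=$?

# Clean up again so a crash in this run does not leave a core file behind.
rm -f core out.wav

case "$status" in
  0) status=255 ;;  # accepted the crafted file: fail
  2) status=0 ;;    # refused the crafted file: pass
esac

exit "$status"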
