#! /bin/sh

# CVE-2023-32627
# A floating point exception vulnerability was found in sox,
# in the read_samples function at sox/src/voc.c:334:18.
# This flaw can lead to a denial of service.

# 14.4.2:
# sox WARN voc: VOC input: short file
# and exits 0
# compiled with asan, aborts saying:
# global-buffer-overflow on address 0xf790c950
# in lsx_adpcm_init src/adpcms.c:58
# with the patch:
# sox FAIL sox: `poc_file' invalid rate value: Invalid argument
# and exits 0.

# 42b355:
# Floating point exception (core dumped)
# and exits 136 (128 + 8: the shell's status for a process killed by SIGFPE)

# Debian bullseye i386 (the patch is in the following release)
# exits 0 and creates an audio file of 4 samples

# Debian trixie i386
# exits 2

# Delete the artefacts this reproducer can leave in the working directory:
# a core dump from a crashing build and the converted output file.
cleanup() {
  rm -f core out.aiff
}

# Start clean so that leftovers from an earlier run are not mistaken for
# results of this one.
cleanup

# Convert the crafted input to AIFF with the sox binary under test.
# ${sox:-sox} falls back to "sox" from PATH when $sox is unset or empty. It is
# left unquoted, so a value containing spaces is word-split - presumably to
# allow a wrapper command in front of the binary; confirm before quoting it.
# NOTE(review): sox documents exit status 2 for file-processing errors, so an
# absent or unreadable poc_file presumably gives the same status as the
# "exits 2" case recorded in the header - confirm the harness checks that the
# input file is present.
${sox:-sox} --single-threaded poc_file -t aiff out.aiff
rc=$?

# Clean up again, then report sox's own exit status to the caller so that a
# signal death (status above 128) stays visible.
cleanup

exit "$rc"
