Created attachment 1337015
poc_file

Version-Release number of selected component (if applicable):
SoX v14.4.2

How reproducible:
./sox 03-abort out.wav
sox: /root/fuzzing/sox/src/formats.c:227: sox_append_comment: Assertion `comment' failed.
Aborted (core dumped)

The gdb debugging information is listed below:

gdb ./sox /tmp/core.1507694923
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./sox...done.
[New LWP 15505]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `./sox 03-abort out.wav'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007f1580380428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
54	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007f1580380428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007f158038202a in __GI_abort () at abort.c:89
#2  0x00007f1580378bd7 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x676044 "comment", file=file@entry=0x682f00 "/root/fuzzing/sox/src/formats.c", line=line@entry=227, function=function@entry=0x683a90 <__PRETTY_FUNCTION__.6255> "sox_append_comment") at assert.c:92
#3  0x00007f1580378c82 in __GI___assert_fail (assertion=assertion@entry=0x676044 "comment", file=file@entry=0x682f00 "/root/fuzzing/sox/src/formats.c", line=line@entry=227, function=function@entry=0x683a90 <__PRETTY_FUNCTION__.6255> "sox_append_comment") at assert.c:101
#4  0x000000000056d2b5 in sox_append_comment (comments=comments@entry=0x21c9560, comment=0x0) at /root/fuzzing/sox/src/formats.c:227
#5  0x00000000005f471b in decoder_metadata_callback (flac=<optimized out>, metadata=0x7ffcd5007a80, client_data=0x21c9510) at /root/fuzzing/sox/src/flac.c:133
#6  0x00007f1580c29e38 in read_metadata_ (decoder=decoder@entry=0x21caac0) at stream_decoder.c:1511
#7  0x00007f1580c30560 in FLAC__stream_decoder_process_until_end_of_metadata (decoder=0x21caac0) at stream_decoder.c:1054
#8  0x00000000005f3809 in start_read (ft=0x21c9510) at /root/fuzzing/sox/src/flac.c:239
#9  0x00000000005716b5 in open_read (path=<optimized out>, buffer=buffer@entry=0x0, buffer_size=buffer_size@entry=0, signal=signal@entry=0x21c9200, encoding=encoding@entry=0x21c9220, filetype=<optimized out>) at /root/fuzzing/sox/src/formats.c:545
#10 0x0000000000572d7a in sox_open_read (path=<optimized out>, signal=signal@entry=0x21c9200, encoding=encoding@entry=0x21c9220, filetype=<optimized out>) at /root/fuzzing/sox/src/formats.c:585
#11 0x000000000040bbf7 in main (argc=3, argv=0x7ffcd5007f68) at /root/fuzzing/sox/src/sox.c:2945

Additional info:
Name:liuzhu
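As an added example (not code from SoX, libFLAC or the referenced patch), a C sketch of the defensive shape the backtrace calls for: frame #4 shows sox_append_comment() receiving comment=0x0 from the FLAC metadata callback and aborting on its assert, so the append routine below rejects a NULL comment with an error code and the callback-side loop skips NULL entries instead of passing them on. vc_entry_t, comments_t, demo_result_t, append_comment_safe, process_vorbis_block and the sample block are constructed stand-ins, not SoX or libFLAC identifiers.

```c
/* Added example, not SoX/libFLAC code: NULL-guarded comment append plus a metadata
 * callback analogue for this report's bug (a Vorbis comment entry arriving NULL). */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

typedef struct { unsigned length; const char *entry; } vc_entry_t; /* constructed */
typedef char **comments_t;  /* NULL-terminated array of heap strings */
typedef struct { size_t kept, skipped; } demo_result_t;
size_t comments_count(comments_t c) { size_t n = 0; if (c) while (c[n]) ++n; return n; }

/* Returns 0 on success, -1 on NULL input or allocation failure; never aborts. */
int append_comment_safe(comments_t *c, const char *comment) {
    size_t n = comments_count(*c), len;
    char *copy;
    comments_t grown;
    if (!comment) return -1;                 /* the guard the assert() lacked */
    len = strlen(comment) + 1;
    if (!(copy = malloc(len))) return -1;
    memcpy(copy, comment, len);
    if (!(grown = realloc(*c, (n + 2) * sizeof *grown))) { free(copy); return -1; }
    grown[n] = copy;
    grown[n + 1] = NULL;
    *c = grown;
    return 0;
}

/* Callback analogue: appends only non-NULL entries; returns how many it skipped
 * so a corrupt block degrades to a warning instead of an abort. */
size_t process_vorbis_block(comments_t *c, const vc_entry_t *e, unsigned num) {
    size_t skipped = 0;
    for (unsigned i = 0; i < num; ++i)
        if (!e[i].entry || append_comment_safe(c, e[i].entry) != 0) ++skipped;
    return skipped;
}

void comments_free(comments_t c) {
    for (size_t i = 0; c && c[i]; ++i) free(c[i]);
    free(c);
}

/* Constructed sample block: a NULL entry between two valid ones. */
demo_result_t demo_block(void) {
    const vc_entry_t block[] = { {11, "ARTIST=test"}, {0, NULL}, {9, "TITLE=poc"} };
    comments_t c = NULL;
    demo_result_t r;
    r.skipped = process_vorbis_block(&c, block, 3);
    r.kept = comments_count(c);
    comments_free(c);
    return r;
}
```

With the NULL entry skipped rather than asserted on, the decoder keeps the two valid comments and the caller can log the skipped one.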
There is a related discussion on upstream:
https://sourceforge.net/p/sox/mailman/sox-devel/thread/CAG_ZyaD8huzEm9cajDd63z1nGOTVRw%3DY8vPE-t5pHB%3D9XmQ_Xw%40mail.gmail.com/#msg36124536
with a link to the patch that fixes this bug:
https://bogomips.org/sox.git/patch/?id=818bdd0ccc1e5b6cae742c740c17fd414935cf39
This patch is also in Debian alioth:
https://anonscm.debian.org/git/pkg-multimedia/sox.git/plain/debian/patches/0005-CVE-2017-15371.patch
Link to commit: https://src.fedoraproject.org/rpms/sox/c/1c345ef4b817366e86ade0792e3ef81e2e84643a?branch=master Also merged with f26 and f27 branches.
sox-14.4.2.0-13.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-448444341e
sox-14.4.2.0-13.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-6ca3df84ad
sox-14.4.2.0-13.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-448444341e
sox-14.4.2.0-13.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-6ca3df84ad
sox-14.4.2.0-14.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-b528f28c59
sox-14.4.2.0-14.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-b26768593c
sox-14.4.2.0-14.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-b528f28c59
sox-14.4.2.0-14.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-b26768593c
sox-14.4.2.0-14.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
sox-14.4.2.0-14.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.