An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow. Reference: https://sourceforge.net/p/sox/bugs/319
Created sox tracking bugs for this issue: Affects: fedora-all [bug 1678286]
Reproduced on Red Hat Enterprise 7 easily. 5 and 6 look to be using versions before the target functionality was introduced (which looks to be around 2008). ``` Program received signal SIGSEGV, Segmentation fault. u120_1 (p=0x613c18, output_fifo=0x613c88) at rate_poly_fir.h:55 55 output[i] = sum; (gdb) bt #0 u120_1 (p=0x613c18, output_fifo=0x613c88) at rate_poly_fir.h:55 #1 0x00007ffff7b85e95 in rate_process (p=p@entry=0x612ff0) at rate.c:377 #2 0x00007ffff7b91b62 in rate_flush (p=0x612ff0) at rate.c:404 #3 drain (effp=<optimized out>, obuf=<optimized out>, osamp=<optimized out>) at rate.c:525 #4 0x00007ffff7b7598b in drain_effect (chain=0x613930, chain=0x613930, n=1) at effects.c:318 #5 sox_flow_effects (chain=0x613930, callback=callback@entry=0x405b10 <update_status>, client_data=client_data@entry=0x0) at effects.c:387 #6 0x0000000000407ca6 in process () at sox.c:1794 #7 0x0000000000403075 in main (argc=13, argv=0x7fffffffe3a8) at sox.c:3012 ```