From: Helmut Grohne
Subject: voc: word width should never be 0 to avoid division by zero
Bug: https://sourceforge.net/p/sox/bugs/351/
Bug-Debian: https://bugs.debian.org/1010374
This patch fixes both CVE-2021-3643 and CVE-2021-23210.
--- a/src/voc.c
+++ b/src/voc.c
@@ -614,6 +614,10 @@
 v->rate = new_rate_32;
 ft->signal.rate = new_rate_32;
 lsx_readb(ft, &uc);
+ if (uc == 0) {
+ lsx_fail_errno(ft, SOX_EFMT, "word width is zero?");
+ return (SOX_EOF);
+ }
 v->size = uc;
 lsx_readb(ft, &(v->channels));
 lsx_readw(ft, &(v->format)); /* ANN: added format */
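Review bot: The new guard tests `uc` without first checking that `lsx_readb(ft, &uc)` succeeded, so on a truncated file the comparison may run against whatever `uc` held before the call. Assuming `lsx_readb` reports failure through its return value, `if (lsx_readb(ft, &uc) != SOX_SUCCESS) return (SOX_EOF);` ahead of the zero test would close that gap. The check also rejects only 0; if the reader handles only specific word widths, an allow-list at this point would stop other malformed values at the parse site instead of relying on later code. `v->channels` and `v->format` on the following lines are likewise taken from the file with no validation visible in this hunk. The enclosing function starts and ends outside the hunk, so later checks may already cover part of this.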