#! /bin/sh

# CVE-2017-11333 is a vulnerability in libvorbis
# and SoX calls the affected function, vorbis_analysis_wrote().
#
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882236
# the following vulnerability was published for libvorbis:
# The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis
# 1.3.5 allows remote attackers to cause a denial of service (OOM) via a
# crafted wav file.
#
# https://seclists.org/fulldisclosure/2017/Jul/82 bug 1
# The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5
# can cause a denial of service (OOM) via a crafted wav file.
# I found this bug while testing Sound eXchange (SoX) 14.4.2, which uses
# the libvorbis library.

# Start from a clean directory: drop any core dump or out.* file left behind
# by an earlier run, so stale artefacts cannot be mistaken for this run's.
rm -f core out.*

# Convert the sample WAV to Ogg Vorbis -- presumably the path on which SoX
# reaches vorbis_analysis_wrote().  $sox may name an alternative binary; it is
# expanded unquoted, so a value containing spaces is split into several words.
# NOTE(review): nothing in this script caps memory or run time.  Against an
# unpatched libvorbis the conversion may exhaust memory, so the harness should
# run it under a resource limit (e.g. ulimit or a cgroup) -- confirm it does.
${sox:-sox} libvorbis_1.3.5_OOM.wav out.ogg
rc=$?

# Remove whatever the conversion produced, including a core file from a crash.
rm -f core out.*

# Translate the converter's exit status into the test verdict:
#   0     -> 255  the crafted file was accepted; reported as a failure
#   2     -> 0    presumably SoX's processing-error exit (file rejected); pass
#   other -> unchanged, so a crash or a killed process still reports non-zero
if [ "$rc" -eq 0 ]; then
  rc=255
elif [ "$rc" -eq 2 ]; then
  rc=0
fi

exit "$rc"
