package/sox/0008-phere-avoid-integer-underflow.patch

From c49c81a3c4409e7c1979ec8cb341fb0c57220616 Mon Sep 17 00:00:00 2001
From: Helmut Grohne <helmut@subdivi.de>
Date: Sat, 17 May 2025 22:48:05 +0200
Subject: [PATCH] phere: avoid integer underflow

Link: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434
Bug: https://sourceforge.net/p/sox/bugs/362/
Bug-Debian: https://bugs.debian.org/1012138

CVE: CVE-2021-40426
Upstream: https://sourceforge.net/p/sox/bugs/362/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 src/sphere.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/sphere.c b/src/sphere.c
index a3fd1c64..9544d160 100644
--- a/src/sphere.c
+++ b/src/sphere.c
@@ -63,7 +63,8 @@ static int start_read(sox_format_t * ft)
     return (SOX_EOF);
   }
 
-  header_size -= (strlen(buf) + 1);
+  bytes_read = strlen(buf);
+  header_size -= bytes_read >= header_size ? header_size : bytes_read + 1;
 
   while (strncmp(buf, "end_head", (size_t)8) != 0) {
     if (strncmp(buf, "sample_n_bytes", (size_t)14) == 0)
@@ -105,7 +106,8 @@ static int start_read(sox_format_t * ft)
       return (SOX_EOF);
     }
 
-    header_size -= (strlen(buf) + 1);
+    bytes_read = strlen(buf);
+    header_size -= bytes_read >= header_size ? header_size : bytes_read + 1;
   }
 
   if (!bytes_per_sample)
-- 
2.49.0