From db9641ce748bdfb465fdfa9b7794de2f8da0a249 Mon Sep 17 00:00:00 2001
From: Helmut Grohne
Date: Sun, 16 Mar 2025 20:08:13 +0100
Subject: [PATCH] formats: reject implausible rate

Source: https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/14.4.2+git20190427-1+deb10u3/debian/patches/CVE-2022-31651.patch
CVE: CVE-2022-31651
Upstream-Status: Inactive-Upstream [lastrelease: 2015]
Signed-off-by: Peter Marko
---
 src/formats_i.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/formats_i.c b/src/formats_i.c
index 6a7c27e3..5f5ef979 100644
--- a/src/formats_i.c
+++ b/src/formats_i.c
@@ -70,9 +70,15 @@ int lsx_check_read_params(sox_format_t * ft, unsigned channels,
     ft->signal.channels = channels;
   }
-  if (rate && ft->signal.rate && ft->signal.rate != rate)
+  if (rate && ft->signal.rate && ft->signal.rate != rate) {
     lsx_warn("`%s': overriding sample rate", ft->filename);
-  else ft->signal.rate = rate;
+    /* Since NaN comparisons yield false, the negation rejects them. */
+  } else if (!(rate > 0)) {
+    lsx_fail_errno(ft, EINVAL, "invalid rate value");
+    return SOX_EOF;
+  } else {
+    ft->signal.rate = rate;
+  }
   if (encoding && ft->encoding.encoding && ft->encoding.encoding != encoding)
     lsx_warn("`%s': overriding encoding type", ft->filename);
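Review bot: The new guard `else if (!(rate > 0))` rejects zero, negative and NaN rates but still accepts an infinite one, because `rate > 0` is true for +Inf; if any reader obtains the rate through a text conversion (strtod/sscanf accept "inf"), an implausible rate can still reach the later rate arithmetic, so consider `} else if (!(rate > 0) || !isfinite(rate)) {` (needs <math.h>, which I cannot confirm this file includes). The explanatory comment is also placed inside the warn branch's block, just above its closing brace, where it reads as belonging to the lsx_warn call; it fits better on the `else if` itself and should name everything the check rejects, e.g. `/* Rejects zero, negative and NaN rates (a NaN compares false, so the negation catches it). */`. The body of lsx_check_read_params starts before and continues after this hunk, so I cannot see whether a later check already covers the infinite case.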