sox_ng wiki - Fork-sox
Here is the correspondence between the tickets on sox.sf.net and sox_ng's issues.
Legend
- Not required in `sox_ng`
42b355 Only present in sox.sf.net, not 14.4.2 or sox_ng
| Patch | Issue |
|---|---|
| 129 a sane build system | #271 |
| 128 Division by zero at wav.c:967 | 42b355 |
| 127 Division by zero at voc.c:334 | #247 |
| 126 Global-buffer-overflow at adpcms.c:58 | #262 |
| 125 Fix property_size = sizeof(name) | #167 |
| 124 low-latency pulseaudio pipeline using --input-buffer | #185 |
| 123 configure.ac: fix static linking with id3tag | 42b355 |
| 122 configure.ac: put back --disable-protector | #254 |
| 121 Full RF64 support | #253 |
| 120 Initialize channel map for pulseaudio | #252 |
| 116 [PATCH] Adding FFTW support speeds up spectrogram by factor of ten | #109 |
| 108 Fix multi-channel LADSPA effects + draining for all LADSPA effects | #245 |
| 107 Win32 Progress Flush Fix | #244 |
| 106 Support for "DynAudNorm" Effect | #164 |
| 105 Win32 Unicode (UTF-8) support | #203 |
| 104 missing version number in sox --version output | #159 |
| 103 ignore SIGPIPE so stop callbacks may fire | #243 |
| 102 [PATCH] modified spectrogram hh:mm:ss in X-axis | #242 |
| 94 libmpg123 support for mp3 decoding | #150 |
| 93 flac (decoder): simplify EOF state and fix MD5 check | - |
| 89 Docs: libsox.3 update | - |
| 65 Enable SoX to be built as a Windows DLL | #251 |
| 41 MIDI Sample Dump Module | #157 |
| 35 Amiga Module support | #158 |
| # | Description | Issue |
|---|---|---|
| 1 | Fix bit-depth calculation | #273 |
| 2 | make it read Alaw Sphere file | #186 |
| 3 | Release holds on stdin/stdout when we have finished with them | #696 |
| 4 | Rudimentary support for NSP format | #272 |
| 5 | Add 192kHz support to RIAA EQ deemphasis biquad effect | #173 |
| 6 | Fix memory buffer rewinding for format detection | f4c709a |
| 8 | coreaudio: add a way to choose devices with number | 220795d |
| 9 | Patch for Ticket 327 | 47eeef2 |
| 10 | Fixing ticket 325, possible integer overflow (addition) in sox-fmt.c function startread | #20 |
| 13 | rewrite the manpages in mdoc(7) | No thanks |
| 14 | sox spectrogram: remove arbitrary size limits, add normalize flag, use fftw3 | Done |
| 15 | more channels for dat files | #412 |
| 16 | remove the test suite | Done |
| 17 | don't leak comments on failed open_{read,write} | Done |
| 18 | hcom: validate dicsize, don't leak dictionary | afd9cdb db7a256 |
| 19 | voc validate bits per word | 366f186 |
| 20 | wav: bits per sample cannot be zero | d84c38c |
| 21 | aiff: don't write a silly number of channels | 263f885 |
| 22 | validate channels and rate | 263f885 |
| 23 | sphere: do not underflow | 31e6b04 |
| 24 | get device name properly on macOS | c5aa611 |
| 25 | macOS build is like any other | 1e59d84 |
Open bugs created since 14.4.2
Legend
- Not an issue
42b355 Only present in sox.sf.net, not 14.4.2 or sox_ng
| BUG | Issue |
|---|---|
| 377 silence -l does not work correctly | #258 |
| 375 'pipe' STDIN input broken | 42b355 |
| 374 autoreconf overwrites INSTALL | - |
| 373 .VOC text not processed | #563 |
| 372 threshold parameter for "silence" filter isn't handled correctly. | #395 |
| 371 Need a way to specify the directory for temporary files. | - |
| 370 FPE in SoX 14.4.3git (src/aiff.c:622:58 in lsx_aiffstartwrite) | - |
| 369 FPE in SoX 14.4.3git(src/voc.c:334:18 in read_samples) | 42b355 |
| 368 heap-buffer-overflow in SoX 14.4.3git (hcom.c:160:41 in startread) | 42b355 |
| 367 heap-buffer-overflow in SoX 14.4.3git (formats_i.c:98:16) | 42b355 |
| 366 html and pdf generation is broken | - |
| 365 sox: Soory, there is no default audio device configured | #396 |
| 364 sox spectrogram title option breaks when using keyword | #163 |
| 363 sox segfaults when parsing CLI options | 42b355 |
| 362 CVE-2021-40426 sphere.c start_read() heap-based buffer overflow vulnerability | #27 |
| 361 sox not fading as expected | - |
| 360 [BUG] two bugs in sox | 14.4.2 42b355 |
| 359 DAT text file format broken on large number channel data files. | #412 |
| 358 Segmentation fault when creating a spectrogram with 3kHz limit | 42b355 |
| 356 SoX handles 32bit float files with volume over 0 dBFS incorrectly | #422 |
| 355 File Length Error for specific combination of reverb and tremolo | #425 |
| 354 Device enumeration duplicates ->Coreaudio.c needs updating to modern APIs | #167 fixes property_size #183 for updating |
| 352 heap-overflow in formats_i.c | CVE-2021-23159 14.4.2 42b355 |
| 351 div zero in voc.c | CVE-2021-3643 42b355 #247 |
| 350 Heap overflow in hcom.c | CVE-2021-23172 42b355 |
| 349 div zero crash in wav.c | CVE-2021-33844 42b355 |
| 346 sox noisered dies with segv | CVE-2021-33844 42b355 #26 |
| 345 Sox should preserve all aiff headers | #441 #446 |
| 343 speed effect not effective using soxlib APIs | #442 |
| 329 Outputting ogg/vorbis via the output effect is extremely slow | #545 |
| 323 devided by zero issue in flanger.c | #536 |
| 322 sox FAIL noisered: multi-channel effect drained asymmetrically! error | #548 |
| 314 Incorrect work of sox_read function with In-memory output buffers | #241 |
| 313 libsox.dylib generated incorrectly on OS X 10.10 and later (pending-fixed) | - |
| 309 Preventing division by zero in src/ao.c | #537 |
| 307 Filename with Special Characters fail | #203 |
| 304 Incorrect ByteRate and Non-Integer SampleRates | #552 |
| 295 clipping warning even with guard | #256 |
| 293 stats effect returns -inf if window is set to 0.36 seconds | #561 |
| 276 'gain -n' causes SoX v14.4.2 to not delete tmp file | #468 |
| 274 Codec bug in IMA and OKI ADPCM algorithms. | #562 |
| 263 FAIL sox: Sorry, there is no default audio device configured | #396 |
| 262 Double free when applying a LADSPA plugin with 2 input channels and 3 output channels | #245 |
Closed bugs created since 14.4.2
| BUG | Status | Issue/commit |
|---|---|---|
| 376 mailing lists not working | closed | - |
| 353 Recording 24/32 bits audio not in proper wave format | closed | cb1945e |
| 348 syntax error near unexpected token `-fstack-protector-strong' | closed-invalid | - |
| 347 error metadata.cpp, Line 636 Expression: is_valid() | closed-invalid | - |
| 344 invalid option "-w" error | closed | #210 |
| 342 sox has exited with error code 2 with Google Speech API | closed | - |
| 341 help text hides option parsing error message | closed-invalid | 8527195 |
| 340 Documentation mismatch for -A / -U | closed-out-of-date | - |
| 339 trim nr samples different behavior from nr seconds | closed-invalid | - |
| 338 Spectrogram of very BIG file | closed-invalid | #530 |
| 337 Output wav file >4gb corrupted from Sox remix of 3 wav files nto one wav file | closed-invalid | #530 |
| 334 Segmentation fault in rate.c:504:30 | closed-fixed | #56 |
| 333 Assertion fail in rate.c:303 | closed-fixed | #532 |
| 332 configure fails: syntax error near unexpected token `-Wl,--as-needed' | closed | #278 |
| 331 A Floating point exception in wav.c:950:80 | closed-invalid | #7 |
| 330 Playing file through SoX | closed-invalid | - |
| 328 Error code 2 with Google Speech API on EC2 instance | closed-invalid | - |
| 327 Memcpy-param-overlap in mp3-util.h | closed-fixed | #533 |
| 326 sox_sample_test.h needs math.h for fabs() | closed-fixed | 837d101 |
| 325 Integer Overflow in sox-fmt.c | closed-fixed | #20 |
| 324 Fix broken URLs in man page | closed-fixed | Done |
| 321 Stack-Buffer-Overflow in fft4g.c | closed-fixed | #18 |
| 320 Integer Overflow in xmalloc.h | closed-fixed | #17 |
| 319 Integer Overflow resulting in Heap-Buffer-Overflow in effect_i_dsp.c | closed-fixed | #15 |
| 318 NULL pointer dereference in effect_i_dsp.c | closed-fixed | #19 |
| 317 sox cannot handle true 32 bit | closed-fixed | - |
| 316 sox command | closed-invalid | - |
| 315 Converting the same wav file twice throws different output | closed-invalid | - |
| 312 Null byte at the end of gsrt files causes a click in playback | closed-fixed | #538 |
| 311 Unexpected display behavior when less than 80 columns | closed-fixed | #540 |
| 310 Parsing 0-frame aiff file fails with error: Missing SSND chunk in AIFF file | closed-fixed | #541 |
| 308 [PATCH] assertion failed (core dumped) while converting wav to hcom on 64 bit big endian machine | closed-fixed | #42 |
| 306 Version info not displayed | closed-fixed | #159 |
| 305 Sox blocking in an infinite loop when decoding AMR files | closed-fixed | #542 |
| 303 Sox/play WAV playing in double speed | closed-duplicate | #543 |
| 302 Missing $(DESTDIR) before ${bindir} in src/Makefile.am installcheck | closed-fixed | e4dcfe3 |
| 301 Bad FSF address in src/ladspa.h | closed-fixed | 126779c |
| 300 sox v14.4.2 segmentation violation when playing some wav files generated by Audacity | closed-fixed | 03eb5e9 38ea5cf |
| 299 Invalid memory read via crafted .xa file | closed-fixed | #14 |
| 298 Use-after-free while feeding malformed aiff file | closed-fixed | - |
| 297 SoX v14.4.2 vulnerable to a heap use-after-free condition after parsing AIFF file and calling sox_append_comments() | closed-fixed | - |
| 296 CVE-2017-11332, CVE-2017-11332, CVE-2017-11359 | closed-fixed | 8a441b1 |
| 294 Wrong conversion from 8 bit to 16 bit | closed-rejected | #564 |
| 292 Precision of 32-bit float appears incorrect | closed-invalid | - |
| 291 Support ID3 tags version 2.4 | closed-invalid | - |
| 290 sox_open_mem_write() on windows not worked | closed-wont-fix | #693 |
| 286 Skipped AIFF chunks fail to account for pad byte. | closed-fixed | 8a441b1 |
| 285 pipe decoded audio from ffmpeg to sox | closed-wont-fix | - |
| 284 Please update LibFlac.vcxproj to work with flac 1.3 | closed | - |
| 283 Z_SOLO macro in LibZLib.vcxproj | closed | - |
| 282 Compiler error C2039 in VS 2015 | closed-fixed | - |
| 281 repeat not working in a chain of effects | closed-invalid | - |
| 278 Infinite loop, info command and verbose output for corrupt WAV file | closed-fixed | #698 |
| 277 pulseaudio sound handler is buggy/inconsistent | closed-fixed | 26dea6c |
| 275 Different output length from trim if source is AIFF file | closed-unreproducible | #695 |
| 273 stdin/stdout not released when lsx_close called | closed-fixed | #696 |
| 272 sox_formats_quit does not properly clean things up | closed-fixed | #697 |
| 271 Can't open files which contains foreign characters | closed-duplicate | #203 |
| 270 Current git fails to build debian package on Debian and Ubuntu | closed-fixed | - |
| 269 sox play fails following Ubuntu 14.04 upgrade (3.13.0-65-generic) | closed-invalid | - |
| 268 Permission denied | closed-invalid | - |
| 267 "Bit-depth" stats result changes when signal is inverted | closed-fixed | #273 |
| 266 sox-14.4.2/src/mp3.c:407: undefined reference to `lsx_error' | closed-fixed | . |
| 265 Multiple memory corruption vulnerabilities in SoX 14.4.2 | closed-fixed | - |
| 264 sox is losing frames when trimming | closed-out-of-date | - |
| 261 absurd docs bug - PDF is doubled 14.4.1 and 14.4.2 | closed-fixed | #261 |
| 260 Reading from memory files depends upon uninitialized value read | closed-fixed | #699 |
| 259 sox WARN formats: can't set sample rate X; using Y | closed-invalid | - |
| 258 Sox produces non-deterministic / non-reproducible output when resampling! | closed-invalid | - |
| 257 ./sox monkey.wav -r 12500 -2 -s monkey.xxx FAILS in currents snapshot | closed-fixed | 3280a0c |
| 214 sox does not respond to SIGINT over ssh | closed-fixed | #540 |
sox_ng stems from sox-14.4.2, not from a more recent sox.sf.net commit,
because the first sox_ng release (micro) concentrates on bug fixes and
* patches in the distros, mostly based on 14.4.2, are more likely to apply cleanly
* sox.sf.net since 14.4.2 has 184 commits: a mixture of bug fixes, new features, build system fixes, code reformatting and refactoring and who knows what else
* the regression test suite shows that 42b355 fails on some CVEs that 14.4.2 doesn't, so it has more bugs as well as fewer. See Testing.
Bug 321: Stack-Buffer-Overflow in fft4g.c is addressed by patch b7883ae, imported by Debian, but on the test case it makes sox loop for 6 seconds consuming gigabytes of memory and creates a 127MB audio file of random noise just over an hour long. See issue #18: CVE-2017-8356.
This is because the check against FFT4G_MAX_SIZE makes the functions
in fft4g.c return instead of failing. The solution is to turn each

```c
if (n > FFT4G_MAX_SIZE)
    return;
```

into

```c
if (n > FFT4G_MAX_SIZE) {
    lsx_fail("FFT size is too large");
    exit(2);
}
```
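
A simplified model of why the silent return is a problem, as an added example that is not code from sox or sox_ng: a `void` transform that skips oversize input gives its caller nothing to check, so untransformed samples flow on to the output. `DEMO_MAX_SIZE`, `do_transform` and `run_caller` are hypothetical names, and an error return stands in for `lsx_fail()` plus `exit(2)` so the result can be asserted on.

```c
#include <stddef.h>

#define DEMO_MAX_SIZE 8          /* constructed stand-in for FFT4G_MAX_SIZE */
#define DEMO_BUF_LEN  16

static double buf[DEMO_BUF_LEN];

/* Stand-in for the real transform: rewrites every sample in place. */
static void do_transform(size_t n, double *a)
{
    size_t i;
    for (i = 0; i < n; i++)
        a[i] *= 0.5;
}

/* Guard that returns silently: the caller gets no sign that nothing ran. */
static void transform_silent(size_t n, double *a)
{
    if (n > DEMO_MAX_SIZE)
        return;
    do_transform(n, a);
}

/* Guard that reports. The page's fix calls lsx_fail() and exit(2) here;
 * an error return is substituted so the example can be asserted on. */
static int transform_checked(size_t n, double *a)
{
    if (n > DEMO_MAX_SIZE)
        return -1;
    do_transform(n, a);
    return 0;
}

/* Fill the buffer with 1.0, run the caller, and count samples that reach
 * the output untransformed. Returns -1 if processing stopped instead. */
long run_caller(size_t n, int checked)
{
    size_t i;
    long stale = 0;
    for (i = 0; i < DEMO_BUF_LEN; i++)
        buf[i] = 1.0;
    if (checked) {
        if (transform_checked(n, buf) != 0)
            return -1;               /* fail before any output is written */
    } else {
        transform_silent(n, buf);    /* void: nothing to check */
    }
    for (i = 0; i < n && i < DEMO_BUF_LEN; i++)
        if (buf[i] == 1.0)
            stale++;
    return stale;
}
```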
README to the repository
SoX's README file is generated by README.sh and is not included
in the repository. As a consequence, code browsed at sox.sf.net
shows at the bottom of the page README.osx or README.win32
which are irrelevant.
It would be better to run README.sh and add the generated README
to the repository. People editing README.sh or FEATURES.in
will have to remember to update README too and commit it,
unless this can be automated.
If sox.sf.net maintainers wish to import patches from sox_ng
and make a sox-14.4.3 release, that is of course fine.
After all, it's where everyone goes to get the latest sox
and where semiautomatic distros update from.
The easiest way to do this is to make a branch from 14.4.2,
import sox_ng's 14.4.X branch and undo the first post-14.4.2 commit
that changes all "sox" to "sox_ng" and adds configure --enable-replace,
then grep everything for _ng to make sure.