Running "sox --version" returns:
sox: SoX v
Apparently the version is missing. On a Linux system it looks like this:
$ sox --version
sox: SoX v14.4.1
Additional information: installed package is sox-14.4.2. Problem seen on a FreeBSD 10.1 system.
Created attachment 164873
fetch a patch that removes the pure attribute from sox_version
Interesting bug :) The underlying cause is that the sox_version function is marked "pure", which means that it causes no side-effects. In reality, it does cause a side-effect, by filling in an internal version string buffer. clang optimizes away the function call, which means that the string never gets filled. A bug had already been filed against the upstream sox source tree (https://sourceforge.net/p/sox/patches/104/), so here's a patch that simply fetches that patch before building.
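The mislabelled-attribute pattern described in the comment above, as an added C example that is not SoX source and not part of the original thread. The function names, buffers and the `DEMO_VERSION` constant are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for illustration; none of this is SoX source. */
#define DEMO_VERSION "14.4.2"

static char buf_mislabelled[16];
static char buf_fixed[16];

/* BEFORE: declared pure, but the body writes a static buffer. The attribute
 * tells the compiler the call has no effect other than its return value, so
 * an optimizer may drop or merge calls and the buffer can stay empty. */
__attribute__((pure))
const char *version_mislabelled(void)
{
    snprintf(buf_mislabelled, sizeof buf_mislabelled, "%s", DEMO_VERSION);
    return buf_mislabelled;
}

/* AFTER: same body with the attribute removed, so every call must execute. */
const char *version_fixed(void)
{
    snprintf(buf_fixed, sizeof buf_fixed, "%s", DEMO_VERSION);
    return buf_fixed;
}

/* Builds the banner in the form the report shows: "sox: SoX v<version>". */
int format_banner(char *out, size_t n, const char *(*get_version)(void))
{
    return snprintf(out, n, "sox: SoX v%s", get_version());
}

/* Returns 0 when the version field is empty, the symptom from the report. */
int banner_has_version(const char *banner)
{
    const char *v = strstr(banner, "SoX v");
    return v != NULL && v[5] != '\0';
}

int main(void)
{
    char banner[64];
    format_banner(banner, sizeof banner, version_fixed);
    puts(banner);
    /* Output for the mislabelled variant depends on compiler and -O level. */
    format_banner(banner, sizeof banner, version_mislabelled);
    puts(banner);
    return 0;
}
```

A check like `banner_has_version` can run as a post-build smoke test, so a toolchain change that empties the string is caught before packaging.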
Created attachment 164877
A commit references this bug:
Date: Thu Dec 31 08:25:36 UTC 2015
New revision: 404912
Display version string correctly
Submitted by: email@example.com
Approved by: firstname.lastname@example.org (maintainer)
Hello. I have a question. Has the fix solved the problem below?
% pkg audit sox-14.4.2
sox-14.4.2 is vulnerable:
sox -- memory corruption vulnerabilities
1 problem(s) in the installed packages found.
(In reply to Tatsuki Makino from comment #4)
No, this patch only fixes the version string. You can watch https://sourceforge.net/p/sox/bugs/265/ to see when someone creates a patch for the security issues.
(In reply to Dan Nelson from comment #5)
Thank you very much.
pkg audit has returned a wrong result since this bug was solved.
% pkg audit sox-14.4.2_1
0 problem(s) in the installed packages found.