Comment 0 for bug 1036831

William Ella (billy-ella) wrote :

When opening a crafted PAF file with channels=0 in the header, I receive a floating point exception error from libsndfile. I have verified this is different than any of the reported SIGFPEs in CVE-2009-4835, as they don't work on v21 or v25. This has been tested on two systems with four versions of libsndfile:

Ubuntu 10.04.4:
  * libsndfile-1.0.20 from CVE-2009-4835 reports
  * libsndfile-1.0.21-2 from /usr/lib via the 10.04 repository
  * libsndfile-1.0.25 compiled on the machine from the author's source page

Ubuntu 12.04:
  * libsndfile-1.0.25-4 from /usr/lib/x86_64-linux-gnu via the 12.04 repository
  * libsndfile-1.0.25 compiled on the machine from the author's source page

On 10.04.4 I used the test programs "lt-sndfile-info" and "lt-sndfile-to-text". On 12.04 I just used "lt-sndfile-to-text". An example:

------------
$ ./lt-sndfile-info a.paf

Version : libsndfile-1.0.25

Floating point exception
------------

I have attached a tar file with the crafted audio file, a.paf. It also includes another, b.paf, where the only change is channels=1 to demonstrate different behavior.

Though this isn't a serious problem (libsndfile isn't a service), I've tagged it as a security vulnerability since I presume it's going to be a CWE-369 (I haven't looked at the source myself).
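
The report presumes a divide by zero (CWE-369) driven by the channels field. As an added illustration, not part of the original report and not libsndfile's code, this C example range-checks header fields before they are used as divisors; the header layout, offsets, limits and sample bytes are constructed assumptions, not the real PAF format.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed, simplified header for illustration; NOT the real PAF layout.
 * Six big-endian 32-bit fields, of which two are used here. */
#define HDR_LEN      24u
#define OFF_WIDTH    16u   /* bytes per sample (hypothetical field) */
#define OFF_CHANNELS 20u   /* channel count (hypothetical offset) */
#define MAX_CHANNELS 256u  /* sanity limit chosen for this example */

#define ERR_TRUNCATED    (-1)
#define ERR_BAD_CHANNELS (-2)
#define ERR_BAD_WIDTH    (-3)

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Return the number of frames in the file, or a negative ERR_* code.
 * Both divisor inputs are range-checked before the division, so
 * channels=0 yields an error code instead of SIGFPE. */
int64_t frame_count(const unsigned char *buf, size_t len)
{
    if (len < HDR_LEN)
        return ERR_TRUNCATED;
    uint32_t width = be32(buf + OFF_WIDTH);
    uint32_t channels = be32(buf + OFF_CHANNELS);
    if (channels == 0 || channels > MAX_CHANNELS)
        return ERR_BAD_CHANNELS;
    if (width == 0 || width > 4)
        return ERR_BAD_WIDTH;
    /* 1..256 times 1..4 cannot be zero and cannot overflow. */
    return (int64_t)((len - HDR_LEN) / (channels * width));
}

/* Constructed samples (not the attached a.paf/b.paf): 24-byte header
 * plus 8 data bytes, 2 bytes per sample, differing only in channels. */
const unsigned char sample_ch0[32] = { [19] = 2, [23] = 0 };
const unsigned char sample_ch1[32] = { [19] = 2, [23] = 1 };

int main(void)
{
    printf("channels=0: %lld\n", (long long)frame_count(sample_ch0, sizeof sample_ch0));
    printf("channels=1: %lld\n", (long long)frame_count(sample_ch1, sizeof sample_ch1));
    return 0;
}
```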