Re: [PATCH 4.19 004/321] ASoC: compress: fix unsigned integer overflow check

From: Pavel Machek
Date: Wed Dec 04 2019 - 04:33:38 EST


On Tue 2019-12-03 23:31:10, Greg Kroah-Hartman wrote:
> From: Xiaojun Sang <xsang@xxxxxxxxxxxxxx>
>
> [ Upstream commit d3645b055399538415586ebaacaedebc1e5899b0 ]
>
> Parameter fragments and fragment_size are type of u32. U32_MAX is
> the correct check.

Why is this in stable? I doubt raising limit from 2GB to 4GB can be
called bugfix... kmalloc() will have problems allocating huge ammount
of memory, anyway.

Best regards,

Pavel

> +++ b/sound/core/compress_offload.c
> @@ -529,7 +529,7 @@ static int snd_compress_check_input(struct snd_compr_params *params)
> {
> /* first let's check the buffer parameter's */
> if (params->buffer.fragment_size == 0 ||
> - params->buffer.fragments > INT_MAX / params->buffer.fragment_size ||
> + params->buffer.fragments > U32_MAX / params->buffer.fragment_size ||
> params->buffer.fragments == 0)
> return -EINVAL;
>

--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Attachment: signature.asc
Description: Digital signature