Re: [PATCH v2] ALSA: wavefront: Fix integer overflow in sample size validation

Next message: Takashi Iwai: "Re: [PATCH] ALSA: hda/senary: Replace magic numbers with defined constants"
Previous message: Takashi Iwai: "Re: [PATCH] ALSA: wavefront: Clear substream pointers on close"
In reply to: Junrui Luo: "[PATCH v2] ALSA: wavefront: Fix integer overflow in sample size validation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Takashi Iwai

Date: Thu Nov 06 2025 - 05:03:58 EST

On Thu, 06 Nov 2025 03:49:46 +0100,
Junrui Luo wrote:
>
> The wavefront_send_sample() function has an integer overflow issue
> when validating sample size. The header->size field is u32 but gets
> cast to int for comparison with dev->freemem
>
> Fix by using unsigned comparison to avoid integer overflow.
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Junrui Luo <moonafterrain@xxxxxxxxxxx>

> ---
> Changes in v2:
> - Check for negative freemem before size comparison
> - Link to v1: https://lore.kernel.org/all/SYBPR01MB7881FA5CEECF0CCEABDD6CC4AFC4A@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/

Applied now. Thanks.

Takashi