mirror of
https://github.com/followmsi/android_kernel_google_msm.git
synced 2024-11-06 23:17:41 +00:00
ALSA: compress: fix an integer overflow check
I previously added an integer overflow check here but looking at it now,
it's still buggy.
The bug happens in snd_compr_allocate_buffer(). We multiply
".fragments" and ".fragment_size" and that doesn't overflow but then we
save it in an unsigned int so it truncates the high bits away and we
allocate a smaller than expected size.
Fixes: b35cc82258 ('ALSA: compress_core: integer overflow in snd_compr_allocate_buffer()')
Change-Id: I7759b19003e8bebbcb16652a6398a8ef8c355250
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
This commit is contained in:
Dan Carpenter
Flex1911
parent
c40c161d91
commit
39cd3354c6
1 changed files with 1 additions and 1 deletions
|
|
@ -432,7 +432,7 @@ static int snd_compress_check_input(struct snd_compr_params *params)
|
|||
{
|
||||
/* first let's check the buffer parameter's */
|
||||
if (params->buffer.fragment_size == 0 ||
|
||||
params->buffer.fragments > UINT_MAX / params->buffer.fragment_size)
|
||||
params->buffer.fragments > INT_MAX / params->buffer.fragment_size)
|
||||
return -EINVAL;
|
||||
|
||||
/* now codec parameters */
|
||||
|
|
|
|||
Loading…
Reference in a new issue