Commit 7bbdd2bf authored Jul 16, 2014 by Dan Carpenter Committed by Thierry Strudel Jun 20, 2016

FROMLIST: ALSA: compress: fix an integer overflow check


I previously added an integer overflow check here but looking at it now,
it's still buggy.

The bug happens in snd_compr_allocate_buffer().  We multiply
".fragments" and ".fragment_size" and that doesn't overflow but then we
save it in an unsigned int so it truncates the high bits away and we
allocate a smaller than expected size.

Bug: 28592007
Change-Id: I3ef098ada955449fdd109d37b2176da849dd26af
Fixes: b35cc822 ('ALSA: compress_core: integer overflow in snd_compr_allocate_buffer()')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Siqi Lin <siqilin@google.com>
(am https://source.codeaurora.org/quic/la/kernel/msm/commit/sound/core/compress_offload.c?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205)

parent 207103dc

No related branches found

No related tags found

No related merge requests found

Show whitespace changes

Inline Side-by-side

Showing with 1 addition and 1 deletion

Please register or to comment