[alsa-devel] [PATCH] ALSA: pcm: Check for integer overflow during multiplication
Banajit Goswami
bgoswami at codeaurora.org
Mon Jun 3 06:43:41 CEST 2019
Thanks Takashi for the review!
On 5/27/2019 10:47 PM, Takashi Iwai wrote:
> On Tue, 28 May 2019 07:27:03 +0200,
> <bgoswami at codeaurora.org> wrote:
>> From: Phani Kumar Uppalapati <phaniu at codeaurora.org>
>>
>> Channel info data structure is parsed from userspace and if
>> the number of channels is not set correctly, it could lead
>> to integer overflow when the number of channels is multiplied
>> with pcm bit width. Add a condition to check for integer
>> overflow during the multiplication operationi, and return error
>> if overflow detected.
>>
>> Signed-off-by: Phani Kumar Uppalapati <phaniu at codeaurora.org>
>> Signed-off-by: Banajit Goswami <bgoswami at codeaurora.org>
> Did you really hit this?
This was reported by static analysis tool.
I will take your feedback, and re-look at the issue, to see if this
issue can happen.
> The info->channel value is already checked in snd_pcm_channel_info()
> before calling the ioctl ops, to the upper bound runtime->channels.
> So it shouldn't overflow at the point you suggested.
>
>
> thanks,
>
> Takashi
--
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project
More information about the Alsa-devel
mailing list