On Fri, 15 Oct 2021 21:59:29 +0200, Pierre-Louis Bossart wrote:
In some cases, the appl_ptr passed by userspace is not checked before being used. This patch adds an unconditional check and returns an error code should the appl_ptr exceed the ALSA 'boundary'.
Suggested-by: Takashi Iwai tiwai@suse.de
Signed-off-by: Pierre-Louis Bossart pierre-louis.bossart@linux.intel.com
Reviewed-by: Ranjani Sridharan ranjani.sridharan@linux.intel.com
Reviewed-by: Kai Vehmanen kai.vehmanen@intel.com
Reviewed-by: Takashi Iwai tiwai@suse.de
thanks,
Takashi
sound/core/pcm_lib.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c index a144a3f68e9e..ec53a3e7cf35 100644 --- a/sound/core/pcm_lib.c +++ b/sound/core/pcm_lib.c @@ -2132,6 +2132,9 @@ int pcm_lib_apply_appl_ptr(struct snd_pcm_substream *substream, if (old_appl_ptr == appl_ptr) return 0;
- if (appl_ptr >= runtime->boundary)
return -EINVAL;
- runtime->control->appl_ptr = appl_ptr; if (substream->ops->ack) { ret = substream->ops->ack(substream);
-- 2.25.1
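Review bot: the new "appl_ptr >= runtime->boundary" test in pcm_lib_apply_appl_ptr() sits after the "if (old_appl_ptr == appl_ptr) return 0;" shortcut, so it is not quite the "unconditional" check the commit message describes. A value equal to the one already stored returns 0 without being range-checked. That is fine only while the stored appl_ptr is itself always below the boundary. Either move the test above the shortcut, or state in the commit message that the ordering relies on that invariant. The message would also be easier to audit if it named the callers that reach this function without a prior check, rather than "in some cases".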