Hi Sakamoto-san,
On Tue, Jan 12, 2021 at 2:43 PM Takashi Sakamoto o-takashi@sakamocchi.jp wrote:
On Mon, Jan 11, 2021 at 02:02:51PM +0100, Geert Uytterhoeven wrote:
As snd_fw_async_midi_port.consume_bytes is unsigned int, and NSEC_PER_SEC is 1000000000L, the second multiplication in
port->consume_bytes * 8 * NSEC_PER_SEC / 31250always overflows on 32-bit platforms, truncating the result. Fix this by precalculating "NSEC_PER_SEC / 31250", which is an integer constant.
Note that this assumes port->consume_bytes <= 16777.
Fixes: 531f471834227d03 ("ALSA: firewire-lib/firewire-tascam: localize async midi port") Signed-off-by: Geert Uytterhoeven geert+renesas@glider.be
Compile-tested only.
I don't know the maximum transfer length of MIDI, but given it's an old standard, I guess it's rather small. If it is larger than 16777, the constant "8" should be replaced by "8ULL", to force 64-bit arithmetic.
sound/firewire/tascam/tascam-transaction.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Indeed. The calculation brings integer overflow of 32 bit storage. Thanks for your care and proposal of the patch. I agree with the intension of patch, however I have a nitpicking that the consume_bytes member is defined as 'int', not 'unsigned int' in your commit comment.
Thanks, you're right. Note that port->consume_bytes being signed halves the limit to 8388 bytes, which is of course still met.
The member has value returned from the call of 'fill_message()'[1] for the length of byte messages in buffer to process, or for error code. The error code is checked immediately. The range of value is equal to or less than 3 when reaching the calculation, thus it should be less than 16777.
Regardless of the type of 'int' or 'unsigned int', this patch can fix the issued problem. Feel free to add my tag when you post second version with comment fix.
Reviewed-by: Takashi Sakamoto o-takashi@sakamocchi.jp
Thanks!
Gr{oetje,eeting}s,
Geert