[alsa-devel] [PATCH] ALSA: pcm: Check for integer overflow during multiplication

Takashi Iwai tiwai at suse.de
Tue May 28 07:47:35 CEST 2019


On Tue, 28 May 2019 07:27:03 +0200,
<bgoswami at codeaurora.org> wrote:
> 
> From: Phani Kumar Uppalapati <phaniu at codeaurora.org>
> 
> Channel info data structure is parsed from userspace and if
> the number of channels is not set correctly, it could lead
> to integer overflow when the number of channels is multiplied
> with pcm bit width. Add a condition to check for integer
> overflow during the multiplication operationi, and return error
> if overflow detected.
> 
> Signed-off-by: Phani Kumar Uppalapati <phaniu at codeaurora.org>
> Signed-off-by: Banajit Goswami <bgoswami at codeaurora.org>

Did you really hit this?

The info->channel value is already checked in snd_pcm_channel_info()
before calling the ioctl ops, to the upper bound runtime->channels.
So it shouldn't overflow at the point you suggested.


thanks,

Takashi


More information about the Alsa-devel mailing list