[PATCH 2/3] ALSA: pcm: oss: Limit the period size to 16MB
Takashi Iwai
tiwai at suse.de
Wed Dec 1 08:36:05 CET 2021
Set the practical limit to the period size (the fragment shift in OSS)
instead of a full 31bit; a too large value could lead to the exhaust
of memory as we allocate temporary buffers of the period size, too.
As of this patch, we set to 16MB limit, which should cover all use
cases.
Reported-by: syzbot+bb348e9f9a954d42746f at syzkaller.appspotmail.com
Reported-by: Bixuan Cui <cuibixuan at linux.alibaba.com>
Cc: <stable at vger.kernel.org>
Link: https://lore.kernel.org/r/1638270978-42412-1-git-send-email-cuibixuan@linux.alibaba.com
Signed-off-by: Takashi Iwai <tiwai at suse.de>
---
sound/core/oss/pcm_oss.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c
index bec7590bc84b..89c4910daf02 100644
--- a/sound/core/oss/pcm_oss.c
+++ b/sound/core/oss/pcm_oss.c
@@ -1962,7 +1962,7 @@ static int snd_pcm_oss_set_fragment1(struct snd_pcm_substream *substream, unsign
if (runtime->oss.subdivision || runtime->oss.fragshift)
return -EINVAL;
fragshift = val & 0xffff;
- if (fragshift >= 31)
+ if (fragshift >= 25) /* should be large enough */
return -EINVAL;
runtime->oss.fragshift = fragshift;
runtime->oss.maxfrags = (val >> 16) & 0xffff;
--
2.31.1
More information about the Alsa-devel
mailing list