summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Carpenter2018-12-21 10:06:58 +0100
committerMark Brown2019-01-03 17:32:57 +0100
commit678e2b44c8e3fec3afc7202f1996a4500a50be93 (patch)
treea189206cb58a46b267a11e2bc7b54d64721e6952
parentASoC: qdsp6: q6asm-dai: Fix a small memory leak (diff)
downloadkernel-qcow2-linux-678e2b44c8e3fec3afc7202f1996a4500a50be93.tar.gz
kernel-qcow2-linux-678e2b44c8e3fec3afc7202f1996a4500a50be93.tar.xz
kernel-qcow2-linux-678e2b44c8e3fec3afc7202f1996a4500a50be93.zip
ALSA: compress: prevent potential divide by zero bugs
The problem is seen in the q6asm_dai_compr_set_params() function: ret = q6asm_map_memory_regions(dir, prtd->audio_client, prtd->phys, (prtd->pcm_size / prtd->periods), ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ prtd->periods); In this code prtd->pcm_size is the buffer_size and prtd->periods comes from params->buffer.fragments. If we allow the number of fragments to be zero then it results in a divide by zero bug. One possible fix would be to use prtd->pcm_count directly instead of using the division to re-calculate it. But I decided that it doesn't really make sense to allow zero fragments. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Mark Brown <broonie@kernel.org>
Diffstat
-rw-r--r--sound/core/compress_offload.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c
index a5b09e75e787..f7d2b373da0a 100644
--- a/sound/core/compress_offload.c
+++ b/sound/core/compress_offload.c
@@ -541,7 +541,8 @@ static int snd_compress_check_input(struct snd_compr_params *params)
{
/* first let's check the buffer parameter's */
if (params->buffer.fragment_size == 0 ||
- params->buffer.fragments > INT_MAX / params->buffer.fragment_size)
+ params->buffer.fragments > INT_MAX / params->buffer.fragment_size ||
+ params->buffer.fragments == 0)
return -EINVAL;
/* now codec parameters */
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2024-07-05 20:01:08 +0200