Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 7dd2cab2663d70b1a57f33898a89fbd00b315b99
commit7dd2cab2663d70b1a57f33898a89fbd00b315b99[log] [tgz]
authorDan Carpenter <dan.carpenter@oracle.com>Wed Jul 16 09:37:00 2014 +0300
committerchrmhoffmann <chrmhoffmann@gmail.com>Sun Aug 06 13:01:17 2017 +0200
treedf02bbff97d298fb06126d89cec62bd97ddfff56
parent42bf4eaf8f61ab342d6d94ee715ba95341dea929 [diff]
ALSA: compress: fix an integer overflow check

Change-Id: Iba5acd089cae2d5320ddc82789e5e5b69a4cfdc1

I previously added an integer overflow check here but looking at it now,
it's still buggy. The bug happens in snd_compr_allocate_buffer().
We multiply ".fragments" and ".fragment_size" and that doesn't overflow
but then we save it in an unsigned int so it truncates the high bits
away and we allocate a smaller than expected size.

Fixes: b35cc8225845 ('ALSA: compress_core: integer overflow in snd_compr_allocate_buffer()')
Change-Id: I2a7dccf9d5b6d7bd02e841c1a6fa754bf4978cd8
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
1 file changed
tree: df02bbff97d298fb06126d89cec62bd97ddfff56
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. AndroidKernel.mk
  25. COPYING
  26. CREDITS
  27. Kbuild
  28. Kconfig
  29. MAINTAINERS
  30. Makefile
  31. README
  32. REPORTING-BUGS