LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Zubin Mithra <zsm@chromium.org>,
Guenter Roeck <groeck@chromium.org>, Takashi Iwai <tiwai@suse.de>
Subject: [PATCH 5.10 24/29] ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
Date: Mon, 6 Sep 2021 14:55:39 +0200 [thread overview]
Message-ID: <20210906125450.587128816@linuxfoundation.org> (raw)
In-Reply-To: <20210906125449.756437409@linuxfoundation.org>
From: Zubin Mithra <zsm@chromium.org>
commit f3eef46f0518a2b32ca1244015820c35a22cfe4a upstream.
Syzkaller reported a divide error in snd_pcm_lib_ioctl. fifo_size
is of type snd_pcm_uframes_t(unsigned long). If frame_size
is 0x100000000, the error occurs.
Fixes: a9960e6a293e ("ALSA: pcm: fix fifo_size frame calculation")
Signed-off-by: Zubin Mithra <zsm@chromium.org>
Reviewed-by: Guenter Roeck <groeck@chromium.org>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210827153735.789452-1-zsm@chromium.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/pcm_lib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/core/pcm_lib.c
+++ b/sound/core/pcm_lib.c
@@ -1746,7 +1746,7 @@ static int snd_pcm_lib_ioctl_fifo_size(s
channels = params_channels(params);
frame_size = snd_pcm_format_size(format, channels);
if (frame_size > 0)
- params->fifo_size /= (unsigned)frame_size;
+ params->fifo_size /= frame_size;
}
return 0;
}
next prev parent reply other threads:[~2021-09-06 12:57 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-06 12:55 [PATCH 5.10 00/29] 5.10.63-rc1 review Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 01/29] ext4: fix race writing to an inline_data file while its xattrs are changing Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 02/29] fscrypt: add fscrypt_symlink_getattr() for computing st_size Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 03/29] ext4: report correct st_size for encrypted symlinks Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 04/29] f2fs: " Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 05/29] ubifs: " Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 06/29] Revert "ucounts: Increase ucounts reference counter before the security hook" Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 07/29] Revert "cred: add missing return error code when set_cred_ucounts() failed" Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 08/29] Revert "Add a reference to ucounts for each cred" Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 09/29] static_call: Fix unused variable warn w/o MODULE Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 10/29] xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 11/29] ARM: OMAP1: ams-delta: remove unused function ams_delta_camera_power Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 12/29] gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 13/29] reset: reset-zynqmp: Fixed the argument data type Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 14/29] qed: Fix the VF msix vectors flow Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 15/29] net: macb: Add a NULL check on desc_ptp Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 16/29] qede: Fix memset corruption Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 17/29] perf/x86/intel/pt: Fix mask of num_address_ranges Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 18/29] ceph: fix possible null-pointer dereference in ceph_mdsmap_decode() Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 19/29] perf/x86/amd/ibs: Work around erratum #1197 Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 20/29] perf/x86/amd/power: Assign pmu.module Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 21/29] cryptoloop: add a deprecation warning Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 22/29] ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 23/29] ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17 Greg Kroah-Hartman
2021-09-06 12:55 ` Greg Kroah-Hartman [this message]
2021-09-06 12:55 ` [PATCH 5.10 25/29] serial: 8250: 8250_omap: Fix possible array out of bounds access Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 26/29] spi: Switch to signed types for *_native_cs SPI controller fields Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 27/29] new helper: inode_wrong_type() Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 28/29] fuse: fix illegal access to inode with reused nodeid Greg Kroah-Hartman
2021-09-06 12:55 ` [PATCH 5.10 29/29] media: stkwebcam: fix memory leak in stk_camera_probe Greg Kroah-Hartman
2021-09-06 19:58 ` [PATCH 5.10 00/29] 5.10.63-rc1 review Pavel Machek
2021-09-06 19:58 ` Fox Chen
2021-09-07 7:10 ` Naresh Kamboju
2021-09-07 7:11 ` Samuel Zou
2021-09-07 13:12 ` Sudip Mukherjee
2021-09-07 18:34 ` Florian Fainelli
2021-09-07 20:07 ` Shuah Khan
2021-09-08 1:19 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210906125450.587128816@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=groeck@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tiwai@suse.de \
--cc=zsm@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).