From patchwork Fri Dec 21 09:06:58 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Carpenter X-Patchwork-Id: 10740151 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 22CBC1399 for ; Fri, 21 Dec 2018 09:07:21 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0FE0B28433 for ; Fri, 21 Dec 2018 09:07:21 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 03D5A284DA; Fri, 21 Dec 2018 09:07:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.7 required=2.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from alsa0.perex.cz (alsa0.perex.cz [77.48.224.243]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5EE1328435 for ; Fri, 21 Dec 2018 09:07:20 +0000 (UTC) Received: from alsa0.perex.cz (localhost [127.0.0.1]) by alsa0.perex.cz (Postfix) with ESMTP id 4C6CD267AB2; Fri, 21 Dec 2018 10:07:19 +0100 (CET) X-Original-To: alsa-devel@alsa-project.org Delivered-To: alsa-devel@alsa-project.org Received: by alsa0.perex.cz (Postfix, from userid 1000) id 177E4267ABD; Fri, 21 Dec 2018 10:07:17 +0100 (CET) Received: from userp2130.oracle.com (userp2130.oracle.com [156.151.31.86]) by alsa0.perex.cz (Postfix) with ESMTP id 6C0B5267A78 for ; Fri, 21 Dec 2018 10:07:14 +0100 (CET) Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id wBL8x5xa046312; Fri, 21 Dec 2018 09:07:14 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=date : from : to : cc : subject : message-id : mime-version : content-type : in-reply-to; s=corp-2018-07-02; bh=GewZPBiE2qP88QzkvT5/YL2tM3sLb7VAmX9W4rDLj/o=; b=K7rqLNWx3h6lFtBL1uz2Ok5QJnK6CRTIMml9iNBUPZE9nzITUkjY/3R+l10TNJrooVs6 /3yknWTZtgTz9TMEtlzo/Nnp5tWXMy2sGj+Ft8rFexaNCVA6l0HYX/7NStvk9/R+1PKm YE7PVYE+QrtcIZ/qDN9NI7kxFr9JAb5paBot2appmUqabnsFRD/AGxKNpQYwSEgsIvIX JKcZCxpuGEJknGqnftStfVlQyjT9WYf65rh47LspJjdgt+6SUt63dTluw4lHHrS5ZrP0 HS9KsdywA1jvpS7zibqjFUZGylwfYapgoKLtk+fs0XPi7OBW+D5qeaITkSYSW2xdmqIk FQ== Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by userp2130.oracle.com with ESMTP id 2pfh3abbds-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 21 Dec 2018 09:07:14 +0000 Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id wBL978nZ030116 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 21 Dec 2018 09:07:08 GMT Received: from abhmp0005.oracle.com (abhmp0005.oracle.com [141.146.116.11]) by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id wBL978oB018714; Fri, 21 Dec 2018 09:07:08 GMT Received: from kadam (/197.157.0.16) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 21 Dec 2018 01:07:07 -0800 Date: Fri, 21 Dec 2018 12:06:58 +0300 From: Dan Carpenter To: Patrick Lai , Srinivas Kandagatla Message-ID: <20181221090658.GD2735@kadam> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20181221090442.GA2735@kadam> X-Mailer: git-send-email haha only kidding User-Agent: Mutt/1.9.4 (2018-02-28) X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9113 signatures=668680 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1812210073 Cc: alsa-devel@alsa-project.org, Banajit Goswami , kernel-janitors@vger.kernel.org, Takashi Iwai , Liam Girdwood , Vinod Koul , Mark Brown Subject: [alsa-devel] [PATCH 4/4] ALSA: compress: prevent potential divide by zero bugs X-BeenThere: alsa-devel@alsa-project.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Alsa-devel mailing list for ALSA developers - http://www.alsa-project.org" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: alsa-devel-bounces@alsa-project.org Sender: alsa-devel-bounces@alsa-project.org X-Virus-Scanned: ClamAV using ClamSMTP The problem is seen in the q6asm_dai_compr_set_params() function: ret = q6asm_map_memory_regions(dir, prtd->audio_client, prtd->phys, (prtd->pcm_size / prtd->periods), ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ prtd->periods); In this code prtd->pcm_size is the buffer_size and prtd->periods comes from params->buffer.fragments. If we allow the number of fragments to be zero then it results in a divide by zero bug. One possible fix would be to use prtd->pcm_count directly instead of using the division to re-calculate it. But I decided that it doesn't really make sense to allow zero fragments. Signed-off-by: Dan Carpenter --- I am not very sure of this patch. Please review it extra carefully because it is an API change. sound/core/compress_offload.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c index a5b09e75e787..f7d2b373da0a 100644 --- a/sound/core/compress_offload.c +++ b/sound/core/compress_offload.c @@ -541,7 +541,8 @@ static int snd_compress_check_input(struct snd_compr_params *params) { /* first let's check the buffer parameter's */ if (params->buffer.fragment_size == 0 || - params->buffer.fragments > INT_MAX / params->buffer.fragment_size) + params->buffer.fragments > INT_MAX / params->buffer.fragment_size || + params->buffer.fragments == 0) return -EINVAL; /* now codec parameters */