| Message ID | 20210827004821.3658015-1-zsm@chromium.org (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | ALSA: pcm: fix divide error in snd_pcm_lib_ioctl | expand |
On Fri, 27 Aug 2021 02:48:21 +0200, Zubin Mithra wrote: > > Syzkaller reported a divide error in snd_pcm_lib_ioctl. fifo_size > is of type snd_pcm_uframes_t(unsigned long). If frame_size > is 0x100000000, the error occurs. > > Fixes: a9960e6a293e ("ALSA: pcm: fix fifo_size frame calculation") > Signed-off-by: Zubin Mithra <zsm@chromium.org> > --- > sound/core/pcm_lib.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c > index 7d5883432085..e41b4e01aa37 100644 > --- a/sound/core/pcm_lib.c > +++ b/sound/core/pcm_lib.c > @@ -1746,7 +1746,7 @@ static int snd_pcm_lib_ioctl_fifo_size(struct snd_pcm_substream *substream, > channels = params_channels(params); > frame_size = snd_pcm_format_size(format, channels); > if (frame_size > 0) > - params->fifo_size /= (unsigned)frame_size; > + params->fifo_size /= (unsigned long)frame_size; I guess we can drop the cast completely, instead? It'd be less ugliness. Thanks! Takashi
On Fri, Aug 27, 2021 at 08:05:00AM +0200, Takashi Iwai wrote: > On Fri, 27 Aug 2021 02:48:21 +0200, > Zubin Mithra wrote: > > > > Syzkaller reported a divide error in snd_pcm_lib_ioctl. fifo_size > > is of type snd_pcm_uframes_t(unsigned long). If frame_size > > is 0x100000000, the error occurs. > > > > Fixes: a9960e6a293e ("ALSA: pcm: fix fifo_size frame calculation") > > Signed-off-by: Zubin Mithra <zsm@chromium.org> > > --- > > sound/core/pcm_lib.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c > > index 7d5883432085..e41b4e01aa37 100644 > > --- a/sound/core/pcm_lib.c > > +++ b/sound/core/pcm_lib.c > > @@ -1746,7 +1746,7 @@ static int snd_pcm_lib_ioctl_fifo_size(struct snd_pcm_substream *substream, > > channels = params_channels(params); > > frame_size = snd_pcm_format_size(format, channels); > > if (frame_size > 0) > > - params->fifo_size /= (unsigned)frame_size; > > + params->fifo_size /= (unsigned long)frame_size; > > I guess we can drop the cast completely, instead? > It'd be less ugliness. Sounds good, thanks, I've sent out a v2. > > > Thanks! > > Takashi
diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c index 7d5883432085..e41b4e01aa37 100644 --- a/sound/core/pcm_lib.c +++ b/sound/core/pcm_lib.c @@ -1746,7 +1746,7 @@ static int snd_pcm_lib_ioctl_fifo_size(struct snd_pcm_substream *substream, channels = params_channels(params); frame_size = snd_pcm_format_size(format, channels); if (frame_size > 0) - params->fifo_size /= (unsigned)frame_size; + params->fifo_size /= (unsigned long)frame_size; } return 0; }
Syzkaller reported a divide error in snd_pcm_lib_ioctl. fifo_size is of type snd_pcm_uframes_t(unsigned long). If frame_size is 0x100000000, the error occurs. Fixes: a9960e6a293e ("ALSA: pcm: fix fifo_size frame calculation") Signed-off-by: Zubin Mithra <zsm@chromium.org> --- sound/core/pcm_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)