| Message ID | 20210827153735.789452-1-zsm@chromium.org (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | f3eef46f0518a2b32ca1244015820c35a22cfe4a |
| Headers | show |
| Series | [v2] ALSA: pcm: fix divide error in snd_pcm_lib_ioctl | expand |
On Fri, Aug 27, 2021 at 8:37 AM Zubin Mithra <zsm@chromium.org> wrote: > > Syzkaller reported a divide error in snd_pcm_lib_ioctl. fifo_size > is of type snd_pcm_uframes_t(unsigned long). If frame_size > is 0x100000000, the error occurs. > > Fixes: a9960e6a293e ("ALSA: pcm: fix fifo_size frame calculation") Reviewed-by: Guenter Roeck <groeck@chromium.org> > Signed-off-by: Zubin Mithra <zsm@chromium.org> > --- > sound/core/pcm_lib.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c > index 7d5883432085..a144a3f68e9e 100644 > --- a/sound/core/pcm_lib.c > +++ b/sound/core/pcm_lib.c > @@ -1746,7 +1746,7 @@ static int snd_pcm_lib_ioctl_fifo_size(struct snd_pcm_substream *substream, > channels = params_channels(params); > frame_size = snd_pcm_format_size(format, channels); > if (frame_size > 0) > - params->fifo_size /= (unsigned)frame_size; > + params->fifo_size /= frame_size; > } > return 0; > } > -- > 2.33.0.259.gc128427fd7-goog >
On Fri, 27 Aug 2021 17:37:35 +0200, Zubin Mithra wrote: > > Syzkaller reported a divide error in snd_pcm_lib_ioctl. fifo_size > is of type snd_pcm_uframes_t(unsigned long). If frame_size > is 0x100000000, the error occurs. > > Fixes: a9960e6a293e ("ALSA: pcm: fix fifo_size frame calculation") > Signed-off-by: Zubin Mithra <zsm@chromium.org> Thanks, applied. Takashi
diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c index 7d5883432085..a144a3f68e9e 100644 --- a/sound/core/pcm_lib.c +++ b/sound/core/pcm_lib.c @@ -1746,7 +1746,7 @@ static int snd_pcm_lib_ioctl_fifo_size(struct snd_pcm_substream *substream, channels = params_channels(params); frame_size = snd_pcm_format_size(format, channels); if (frame_size > 0) - params->fifo_size /= (unsigned)frame_size; + params->fifo_size /= frame_size; } return 0; }
Syzkaller reported a divide error in snd_pcm_lib_ioctl. fifo_size is of type snd_pcm_uframes_t(unsigned long). If frame_size is 0x100000000, the error occurs. Fixes: a9960e6a293e ("ALSA: pcm: fix fifo_size frame calculation") Signed-off-by: Zubin Mithra <zsm@chromium.org> --- sound/core/pcm_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)