Hi Sakamoto-san, On Tue, Jan 12, 2021 at 2:43 PM Takashi Sakamoto <o-takashi@xxxxxxxxxxxxx> wrote: > On Mon, Jan 11, 2021 at 02:02:51PM +0100, Geert Uytterhoeven wrote: > > As snd_fw_async_midi_port.consume_bytes is unsigned int, and > > NSEC_PER_SEC is 1000000000L, the second multiplication in > > > > port->consume_bytes * 8 * NSEC_PER_SEC / 31250 > > > > always overflows on 32-bit platforms, truncating the result. Fix this > > by precalculating "NSEC_PER_SEC / 31250", which is an integer constant. > > > > Note that this assumes port->consume_bytes <= 16777. > > > > Fixes: 531f471834227d03 ("ALSA: firewire-lib/firewire-tascam: localize async midi port") > > Signed-off-by: Geert Uytterhoeven <geert+renesas@xxxxxxxxx> > > --- > > Compile-tested only. > > > > I don't know the maximum transfer length of MIDI, but given it's an old > > standard, I guess it's rather small. If it is larger than 16777, the > > constant "8" should be replaced by "8ULL", to force 64-bit arithmetic. > > --- > > sound/firewire/tascam/tascam-transaction.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > Indeed. The calculation brings integer overflow of 32 bit storage. Thanks > for your care and proposal of the patch. I agree with the intension of > patch, however I have a nitpicking that the consume_bytes member is > defined as 'int', not 'unsigned int' in your commit comment. Thanks, you're right. Note that port->consume_bytes being signed halves the limit to 8388 bytes, which is of course still met. > The member has value returned from the call of 'fill_message()'[1] for the > length of byte messages in buffer to process, or for error code. The > error code is checked immediately. The range of value is equal to > or less than 3 when reaching the calculation, thus it should be less than > 16777. > > Regardless of the type of 'int' or 'unsigned int', this patch can fix > the issued problem. Feel free to add my tag when you post second version > with comment fix. > > Reviewed-by: Takashi Sakamoto <o-takashi@xxxxxxxxxxxxx> Thanks! Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds