On Fri, Aug 27, 2021 at 8:37 AM Zubin Mithra <zsm@xxxxxxxxxxxx> wrote:
>
> Syzkaller reported a divide error in snd_pcm_lib_ioctl. fifo_size
> is of type snd_pcm_uframes_t(unsigned long). If frame_size
> is 0x100000000, the error occurs.
>
> Fixes: a9960e6a293e ("ALSA: pcm: fix fifo_size frame calculation")
Reviewed-by: Guenter Roeck <groeck@xxxxxxxxxxxx>
> Signed-off-by: Zubin Mithra <zsm@xxxxxxxxxxxx>
> ---
> sound/core/pcm_lib.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c
> index 7d5883432085..a144a3f68e9e 100644
> --- a/sound/core/pcm_lib.c
> +++ b/sound/core/pcm_lib.c
> @@ -1746,7 +1746,7 @@ static int snd_pcm_lib_ioctl_fifo_size(struct snd_pcm_substream *substream,
> channels = params_channels(params);
> frame_size = snd_pcm_format_size(format, channels);
> if (frame_size > 0)
> - params->fifo_size /= (unsigned)frame_size;
> + params->fifo_size /= frame_size;
> }
> return 0;
> }
> --
> 2.33.0.259.gc128427fd7-goog
>
