On Fri, 15 Oct 2021 21:59:29 +0200, Pierre-Louis Bossart wrote: > > In some cases, the appl_ptr passed by userspace is not checked before > being used. This patch adds an unconditional check and returns an > error code should the appl_ptr exceed the ALSA 'boundary'. > > Suggested-by: Takashi Iwai <tiwai@xxxxxxx> > Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@xxxxxxxxxxxxxxx> > Reviewed-by: Ranjani Sridharan <ranjani.sridharan@xxxxxxxxxxxxxxx> > Reviewed-by: Kai Vehmanen <kai.vehmanen@xxxxxxxxx> Reviewed-by: Takashi Iwai <tiwai@xxxxxxx> thanks, Takashi > --- > sound/core/pcm_lib.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c > index a144a3f68e9e..ec53a3e7cf35 100644 > --- a/sound/core/pcm_lib.c > +++ b/sound/core/pcm_lib.c > @@ -2132,6 +2132,9 @@ int pcm_lib_apply_appl_ptr(struct snd_pcm_substream *substream, > if (old_appl_ptr == appl_ptr) > return 0; > > + if (appl_ptr >= runtime->boundary) > + return -EINVAL; > + > runtime->control->appl_ptr = appl_ptr; > if (substream->ops->ack) { > ret = substream->ops->ack(substream); > -- > 2.25.1 >
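
Review bot: The new "if (appl_ptr >= runtime->boundary)" test is placed after the "if (old_appl_ptr == appl_ptr) return 0;" early return, so it is not quite the unconditional check the commit message describes. A call that passes the value already stored returns 0 without being range-checked. That is safe only if every other writer of runtime->control->appl_ptr keeps it below the boundary. Either move the boundary test above the equality test, or state in the commit message why this order is sufficient. A short comment above the test would also help: it should say that appl_ptr originates from userspace and must be below runtime->boundary before it is stored, because substream->ops->ack() runs right after the assignment.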