On Wed, 03 Feb 2016 10:41:14 +0100, Takashi Iwai wrote: > > On Wed, 03 Feb 2016 10:35:14 +0100, > Takashi Iwai wrote: > > > > On Wed, 03 Feb 2016 09:57:50 +0100, > > Dmitry Vyukov wrote: > > > > > > Hello, > > > > > > The following program triggers an out-of-bounds write in > > > snd_rawmidi_kernel_write1 (run in parallel loop). It seems to try to > > > copy -1 bytes (aka 4GB) from user space into kernel smashing all on > > > its way. > > > > What card is /dev/midi3? Please check /proc/asound/cards. > > Is it MTPAV? > > In anyway the patch below should paper over it. But it's still > strange that it gets a negative value there. Could you put > > WARN_ON(count1 < 0) > > before the newly added check? > > I tried it locally with virmidi but it didn't appear, so far. Maybe > my setup is too slow and has fewer CPUs than yours. Scratch my previous patch, I could reproduce the issue on a faster machine in my office now :) Will work on it. Takashi _______________________________________________ Alsa-devel mailing list Alsa-devel@xxxxxxxxxxxxxxxx http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
