On Tue, 28 May 2019 07:27:03 +0200, <bgoswami@xxxxxxxxxxxxxx> wrote: > > From: Phani Kumar Uppalapati <phaniu@xxxxxxxxxxxxxx> > > Channel info data structure is parsed from userspace and if > the number of channels is not set correctly, it could lead > to integer overflow when the number of channels is multiplied > with pcm bit width. Add a condition to check for integer > overflow during the multiplication operationi, and return error > if overflow detected. > > Signed-off-by: Phani Kumar Uppalapati <phaniu@xxxxxxxxxxxxxx> > Signed-off-by: Banajit Goswami <bgoswami@xxxxxxxxxxxxxx> Did you really hit this? The info->channel value is already checked in snd_pcm_channel_info() before calling the ioctl ops, to the upper bound runtime->channels. So it shouldn't overflow at the point you suggested. thanks, Takashi _______________________________________________ Alsa-devel mailing list Alsa-devel@xxxxxxxxxxxxxxxx https://mailman.alsa-project.org/mailman/listinfo/alsa-devel
