Thanks Takashi for the review!
On 5/27/2019 10:47 PM, Takashi Iwai wrote:
On Tue, 28 May 2019 07:27:03 +0200,
<bgoswami@xxxxxxxxxxxxxx> wrote:
From: Phani Kumar Uppalapati <phaniu@xxxxxxxxxxxxxx>
Channel info data structure is parsed from userspace and if
the number of channels is not set correctly, it could lead
to integer overflow when the number of channels is multiplied
with pcm bit width. Add a condition to check for integer
overflow during the multiplication operationi, and return error
if overflow detected.
Signed-off-by: Phani Kumar Uppalapati <phaniu@xxxxxxxxxxxxxx>
Signed-off-by: Banajit Goswami <bgoswami@xxxxxxxxxxxxxx>
Did you really hit this?
This was reported by static analysis tool.
I will take your feedback, and re-look at the issue, to see if this
issue can happen.
The info->channel value is already checked in snd_pcm_channel_info()
before calling the ioctl ops, to the upper bound runtime->channels.
So it shouldn't overflow at the point you suggested.
thanks,
Takashi
--
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project
_______________________________________________
Alsa-devel mailing list
Alsa-devel@xxxxxxxxxxxxxxxx
https://mailman.alsa-project.org/mailman/listinfo/alsa-devel
