On Tue 2019-12-03 23:31:10, Greg Kroah-Hartman wrote:
> From: Xiaojun Sang <xsang@xxxxxxxxxxxxxx>
>
> [ Upstream commit d3645b055399538415586ebaacaedebc1e5899b0 ]
>
> Parameter fragments and fragment_size are type of u32. U32_MAX is
> the correct check.
Why is this in stable? I doubt raising limit from 2GB to 4GB can be
called bugfix... kmalloc() will have problems allocating huge ammount
of memory, anyway.
Best regards,
Pavel
> +++ b/sound/core/compress_offload.c
> @@ -529,7 +529,7 @@ static int snd_compress_check_input(struct snd_compr_params *params)
> {
> /* first let's check the buffer parameter's */
> if (params->buffer.fragment_size == 0 ||
> - params->buffer.fragments > INT_MAX / params->buffer.fragment_size ||
> + params->buffer.fragments > U32_MAX / params->buffer.fragment_size ||
> params->buffer.fragments == 0)
> return -EINVAL;
>
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Attachment:
signature.asc
Description: Digital signature
