OSDN Git Service

(root) / sagit-ice-cold / kernel_xiaomi_msm8998.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1503f65) | patch
ALSA: pcm: oss: Avoid potential buffer overflows
authorTakashi Iwai <tiwai@suse.de>
Wed, 4 Dec 2019 14:48:24 +0000 (15:48 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 21 Dec 2019 09:34:49 +0000 (10:34 +0100)
commit8b054788b806e627e46b0d0b0e4285d31f8456e2
tree5a7fa126e6b0149d71c5787888ae680796e19868tree | snapshot
parent1503f6538360c975ce95c1f27324eac26d44bebbcommit | diff
ALSA: pcm: oss: Avoid potential buffer overflows

commit 4cc8d6505ab82db3357613d36e6c58a297f57f7c upstream.

syzkaller reported an invalid access in PCM OSS read, and this seems
to be an overflow of the internal buffer allocated for a plugin.
Since the rate plugin adjusts its transfer size dynamically, the
calculation for the chained plugin might be bigger than the given
buffer size in some extreme cases, which lead to such an buffer
overflow as caught by KASAN.

Fix it by limiting the max transfer size properly by checking against
the destination size in each plugin transfer callback.

Reported-by: syzbot+f153bde47a62e0b05f83@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20191204144824.17801-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
sound/core/oss/linear.c diff | blob | history
sound/core/oss/mulaw.c diff | blob | history
sound/core/oss/route.c diff | blob | history
Mirror: https://github.com/0ranko0P/kernel_xiaomi_msm8998/
About OSDN
Find Software
Develop Software
Help