Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ALSA: wavefront: Fix integer overflow in sample size validation 

The wavefront_send_sample() function has an integer overflow issue
when validating sample size. The header->size field is u32 but gets
cast to int for comparison with dev->freemem

Fix by using unsigned comparison to avoid integer overflow.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Junrui Luo <moonafterrain@outlook.com>
Link: https://patch.msgid.link/SYBPR01MB7881B47789D1B060CE8BF4C3AFC2A@SYBPR01MB7881.ausprd01.prod.outlook.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
This commit is contained in:
Junrui Luo 2025-11-06 10:49:46 +08:00 committed by Takashi Iwai
parent e11c5c13ce
commit 0c4a13ba88
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sound/isa/wavefront/wavefront_synth.c
View File

@ -950,9 +950,9 @@ wavefront_send_sample (snd_wavefront_t *dev,
if (header->size) {
dev->freemem = wavefront_freemem (dev);
if (dev->freemem < (int)header->size) {
if (dev->freemem < 0 || dev->freemem < header->size) {
dev_err(dev->card->dev,
"insufficient memory to load %d byte sample.\n",
"insufficient memory to load %u byte sample.\n",
header->size);
return -ENOMEM;
}