Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 84d2099e authored by Erick Reyes's avatar Erick Reyes Committed by Greg Kroah-Hartman
Browse files

ALSA: info: Check for integer overflow in snd_info_entry_write() 



Commit 4adb7bcbcb69 ("ALSA: core: Use seq_file for text proc file
reads") heavily refactored ALSA procfs and fixed the overflow as
a side-effect, so this fix only applies to kernels < 4.2 and
there is no upstream equivalent

snd_info_entry_write() resizes the buffer with an unsigned long
size argument that gets truncated because resize_info_buffer()
takes the size parameter as an unsigned int. On 64-bit kernels,
this causes the following copy_to_user() to write out-of-bounds
if (pos + count) can't be represented by an unsigned int.

Signed-off-by: default avatarSiqi Lin <siqilin@google.com>
Signed-off-by: default avatarErick Reyes <erickreyes@google.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 208255c7
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment