Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit ab7fa946 authored by Siqi Lin's avatar Siqi Lin Committed by Gerrit - the friendly Code Review server
Browse files

ALSA: info: Check for integer overflow in snd_info_entry_write() 



snd_info_entry_write() resizes the buffer with an unsigned long
size argument that gets truncated because resize_info_buffer()
takes the size parameter as an unsigned int. On 64-bit kernels,
this causes the following copy_to_user() to write out-of-bounds
if (pos + count) can't be represented by an unsigned int.

Bug: 32510733
Change-Id: I9e8b55f93f2bd606b4a73b5a4525b71ee88c7c23
Signed-off-by: default avatarSiqi Lin <siqilin@google.com>
Git-repo: https://android.googlesource.com/kernel/msm


Git-commit: 600c59f1f58bf30716d4a072add85f8da77c145c
Signed-off-by: default avatarDennis Cagle <d-cagle@codeaurora.org>
parent 56503fc3
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment