| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20191204093332.GA7678@amd>
Date: Wed, 4 Dec 2019 10:33:33 +0100
From: Pavel Machek <pavel@...x.de>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: linux-kernel@...r.kernel.org, stable@...r.kernel.org,
Xiaojun Sang <xsang@...eaurora.org>,
Srinivas Kandagatla <srinivas.kandagatla@...aro.org>,
Vinod Koul <vkoul@...nel.org>, Mark Brown <broonie@...nel.org>,
Sasha Levin <sashal@...nel.org>
Subject: Re: [PATCH 4.19 004/321] ASoC: compress: fix unsigned integer
overflow check
On Tue 2019-12-03 23:31:10, Greg Kroah-Hartman wrote:
> From: Xiaojun Sang <xsang@...eaurora.org>
>
> [ Upstream commit d3645b055399538415586ebaacaedebc1e5899b0 ]
>
> Parameter fragments and fragment_size are type of u32. U32_MAX is
> the correct check.
Why is this in stable? I doubt raising limit from 2GB to 4GB can be
called bugfix... kmalloc() will have problems allocating huge ammount
of memory, anyway.
Best regards,
Pavel
> +++ b/sound/core/compress_offload.c
> @@ -529,7 +529,7 @@ static int snd_compress_check_input(struct snd_compr_params *params)
> {
> /* first let's check the buffer parameter's */
> if (params->buffer.fragment_size == 0 ||
> - params->buffer.fragments > INT_MAX / params->buffer.fragment_size ||
> + params->buffer.fragments > U32_MAX / params->buffer.fragment_size ||
> params->buffer.fragments == 0)
> return -EINVAL;
>
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Download attachment "signature.asc" of type "application/pgp-signature" (182 bytes)
Powered by blists - more mailing lists