507cbac4ff7a52581cd98739c241e008ff0b05d1 - pub/scm/linux/kernel/git/stable/linux-stable-rc

commit	507cbac4ff7a52581cd98739c241e008ff0b05d1	[log] [tgz]
author	Junrui Luo <moonafterrain@outlook.com>	Thu Nov 06 10:49:46 2025 +0800
committer	Sasha Levin <sashal@kernel.org>	Thu Dec 18 08:01:38 2025 -0500
tree	9ef2901149f630052dbac5b57e98c129942830f7
parent	6d05b0ac64c92a322b32ff91779d8ee315be32e3 [diff]

ALSA: wavefront: Fix integer overflow in sample size validation

commit 0c4a13ba88594fd4a27292853e736c6b4349823d upstream.

The wavefront_send_sample() function has an integer overflow issue
when validating sample size. The header->size field is u32 but gets
cast to int for comparison with dev->freemem

Fix by using unsigned comparison to avoid integer overflow.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Junrui Luo <moonafterrain@outlook.com>
Link: https://patch.msgid.link/SYBPR01MB7881B47789D1B060CE8BF4C3AFC2A@SYBPR01MB7881.ausprd01.prod.outlook.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

sound/isa/wavefront/wavefront_synth.c[diff]

1 file changed

tree: 9ef2901149f630052dbac5b57e98c129942830f7