releases/4.9.206/asoc-compress-fix-unsigned-integer-overflow-check.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 8d7210b296595bd4e011656f7e95aed1bfbd7cc0 Mon Sep 17 00:00:00 2001
 From: Sasha Levin <sashal@kernel.org>
 Date: Mon, 21 Oct 2019 10:54:32 +0100
 Subject: ASoC: compress: fix unsigned integer overflow check

 From: Xiaojun Sang <xsang@codeaurora.org>

 [ Upstream commit d3645b055399538415586ebaacaedebc1e5899b0 ]

 Parameter fragments and fragment_size are type of u32. U32_MAX is
 the correct check.

 Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
 Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
 Acked-by: Vinod Koul <vkoul@kernel.org>
 Link: https://lore.kernel.org/r/20191021095432.5639-1-srinivas.kandagatla@linaro.org
 Signed-off-by: Mark Brown <broonie@kernel.org>
 Signed-off-by: Sasha Levin <sashal@kernel.org>
 ---
  sound/core/compress_offload.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c
 index 2e2d184684911..7ae8e24dc1e61 100644
 --- a/sound/core/compress_offload.c
 +++ b/sound/core/compress_offload.c
 @@ -529,7 +529,7 @@ static int snd_compress_check_input(struct snd_compr_params *params)
  {
  	/* first let's check the buffer parameter's */
  	if (params->buffer.fragment_size == 0 ||
 -	    params->buffer.fragments > INT_MAX / params->buffer.fragment_size ||
 +	    params->buffer.fragments > U32_MAX / params->buffer.fragment_size ||
  	    params->buffer.fragments == 0)
  		return -EINVAL;

 --
 2.20.1
	From 8d7210b296595bd4e011656f7e95aed1bfbd7cc0 Mon Sep 17 00:00:00 2001
	From: Sasha Levin <sashal@kernel.org>
	Date: Mon, 21 Oct 2019 10:54:32 +0100
	Subject: ASoC: compress: fix unsigned integer overflow check

	From: Xiaojun Sang <xsang@codeaurora.org>

	[ Upstream commit d3645b055399538415586ebaacaedebc1e5899b0 ]

	Parameter fragments and fragment_size are type of u32. U32_MAX is
	the correct check.

	Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
	Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
	Acked-by: Vinod Koul <vkoul@kernel.org>
	Link: https://lore.kernel.org/r/20191021095432.5639-1-srinivas.kandagatla@linaro.org
	Signed-off-by: Mark Brown <broonie@kernel.org>
	Signed-off-by: Sasha Levin <sashal@kernel.org>
	---
	sound/core/compress_offload.c \| 2 +-
	1 file changed, 1 insertion(+), 1 deletion(-)

	diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c
	index 2e2d184684911..7ae8e24dc1e61 100644
	--- a/sound/core/compress_offload.c
	+++ b/sound/core/compress_offload.c
	@@ -529,7 +529,7 @@ static int snd_compress_check_input(struct snd_compr_params *params)
	{
	/* first let's check the buffer parameter's */
	if (params->buffer.fragment_size == 0 \|\|
	- params->buffer.fragments > INT_MAX / params->buffer.fragment_size \|\|
	+ params->buffer.fragments > U32_MAX / params->buffer.fragment_size \|\|
	params->buffer.fragments == 0)
	return -EINVAL;

	--
	2.20.1