a7y18lte-ubports/android_kernel_samsung_a7y18lte
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
847cc374eb
android_kernel_samsung_a7y1.../sound/core
History
Takashi Iwai 847cc374eb ALSA: pcm: oss: Avoid potential buffer overflows 
commit 4cc8d6505ab82db3357613d36e6c58a297f57f7c upstream.

syzkaller reported an invalid access in PCM OSS read, and this seems
to be an overflow of the internal buffer allocated for a plugin.
Since the rate plugin adjusts its transfer size dynamically, the
calculation for the chained plugin might be bigger than the given
buffer size in some extreme cases, which lead to such an buffer
overflow as caught by KASAN.

Fix it by limiting the max transfer size properly by checking against
the destination size in each plugin transfer callback.

Reported-by: syzbot+f153bde47a62e0b05f83@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20191204144824.17801-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-04-07 12:45:42 +02:00
..
oss ALSA: pcm: oss: Avoid potential buffer overflows 2020-04-07 12:45:42 +02:00
seq ALSA: seq: Do error checks at creating system ports 2020-04-07 12:26:42 +02:00
compress_offload.c ASoC: compress: fix unsigned integer overflow check 2020-04-07 12:40:07 +02:00
control_compat.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
control.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
ctljack.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
device.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
hrtimer.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
hwdep_compat.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
hwdep.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
info_oss.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
info.c ALSA: info: Fix racy addition/deletion of nodes 2020-04-06 15:57:17 +02:00
init.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
isadma.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
jack.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
Kconfig A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
Makefile A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
memalloc.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
memory.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
misc.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
pcm_compat.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
pcm_dmaengine.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
pcm_drm_eld.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
pcm_iec958.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
pcm_lib.c ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() 2020-04-07 12:44:08 +02:00
pcm_memory.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
pcm_misc.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
pcm_native.c ALSA: PCM: check if ops are defined before suspending PCM 2020-04-06 14:51:27 +02:00
pcm_timer.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
pcm_trace.h A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
pcm.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
rawmidi_compat.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
rawmidi.c ALSA: rawmidi: Fix potential Spectre v1 vulnerability 2020-04-06 13:00:54 +02:00
rtctimer.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sgbuf.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sound_oss.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sound.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
timer_compat.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
timer.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
vmaster.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30