Unverified Commit 0e888a74 authored Nov 19, 2021 by Pierre-Louis Bossart Committed by Mark Brown Nov 24, 2021

ALSA: pcm: unconditionally check if appl_ptr is in 0..boundary range



In some cases, the appl_ptr passed by userspace is not checked before
being used. This patch adds an unconditional check and returns an
error code should the appl_ptr exceed the ALSA 'boundary'.

Suggested-by: Takashi Iwai <tiwai@suse.de>
Reviewed-by: Takashi Iwai <tiwai@suse.de>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Reviewed-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20211119230852.206310-2-pierre-louis.bossart@linux.intel.com


Signed-off-by: Mark Brown <broonie@kernel.org>

parent 65c16dd2

sound/core/pcm_lib.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -2133,6 +2133,9 @@ int pcm_lib_apply_appl_ptr(struct snd_pcm_substream *substream,
		if (old_appl_ptr == appl_ptr)
		return 0;

		if (appl_ptr >= runtime->boundary)
		return -EINVAL;

		runtime->control->appl_ptr = appl_ptr;
		if (substream->ops->ack) {
		ret = substream->ops->ack(substream);