Commit 395f41e2 authored by Takashi Sakamoto's avatar Takashi Sakamoto Committed by Takashi Iwai
Browse files

ALSA: firewire-lib: fix check for the size of isochronous packet payload 



The check for size of isochronous packet payload just cares of the size of
IR context payload without the size of CIP header.

Cc: <stable@vger.kernel.org>
Fixes: f11453c7 ("ALSA: firewire-lib: use 16 bytes IR context header to separate CIP header")
Signed-off-by: default avatarTakashi Sakamoto <o-takashi@sakamocchi.jp>
Link: https://lore.kernel.org/r/20210513125652.110249-4-o-takashi@sakamocchi.jp


Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
parent 0edabdfe

sound/firewire/amdtp-stream.c

+10 −4
Original line number Diff line number Diff line
@@ -633,18 +633,24 @@ static int parse_ir_ctx_header(struct amdtp_stream *s, unsigned int cycle, 
			       unsigned int *syt, unsigned int index)

{

	const __be32 *cip_header;

	unsigned int cip_header_size;

	int err;



	*payload_length = be32_to_cpu(ctx_header[0]) >> ISO_DATA_LENGTH_SHIFT;

	if (*payload_length > s->ctx_data.tx.ctx_header_size +

					s->ctx_data.tx.max_ctx_payload_length) {



	if (!(s->flags & CIP_NO_HEADER))

		cip_header_size = 8;

	else

		cip_header_size = 0;



	if (*payload_length > cip_header_size + s->ctx_data.tx.max_ctx_payload_length) {

		dev_err(&s->unit->device,

			"Detect jumbo payload: %04x %04x\n",

			*payload_length, s->ctx_data.tx.max_ctx_payload_length);

			*payload_length, cip_header_size + s->ctx_data.tx.max_ctx_payload_length);

		return -EIO;

	}



	if (!(s->flags & CIP_NO_HEADER)) {

	if (cip_header_size > 0) {

		cip_header = ctx_header + 2;

		err = check_cip_header(s, cip_header, *payload_length,

				       data_blocks, data_block_counter, syt);