From: Takashi Iwai <tiwai@suse.de>
To: alsa-devel@alsa-project.org
Cc: Bixuan Cui <cuibixuan@linux.alibaba.com>
Subject: [PATCH 2/3] ALSA: pcm: oss: Limit the period size to 16MB
Date: Wed, 1 Dec 2021 08:36:05 +0100 [thread overview]
Message-ID: <20211201073606.11660-3-tiwai@suse.de> (raw)
In-Reply-To: <20211201073606.11660-1-tiwai@suse.de>
Set the practical limit to the period size (the fragment shift in OSS)
instead of a full 31bit; a too large value could lead to the exhaust
of memory as we allocate temporary buffers of the period size, too.
As of this patch, we set to 16MB limit, which should cover all use
cases.
Reported-by: syzbot+bb348e9f9a954d42746f@syzkaller.appspotmail.com
Reported-by: Bixuan Cui <cuibixuan@linux.alibaba.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/1638270978-42412-1-git-send-email-cuibixuan@linux.alibaba.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
sound/core/oss/pcm_oss.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c
index bec7590bc84b..89c4910daf02 100644
--- a/sound/core/oss/pcm_oss.c
+++ b/sound/core/oss/pcm_oss.c
@@ -1962,7 +1962,7 @@ static int snd_pcm_oss_set_fragment1(struct snd_pcm_substream *substream, unsign
if (runtime->oss.subdivision || runtime->oss.fragshift)
return -EINVAL;
fragshift = val & 0xffff;
- if (fragshift >= 31)
+ if (fragshift >= 25) /* should be large enough */
return -EINVAL;
runtime->oss.fragshift = fragshift;
runtime->oss.maxfrags = (val >> 16) & 0xffff;
--
2.31.1
next prev parent reply other threads:[~2021-12-01 7:48 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-01 7:36 [PATCH 0/3] ALSA: pcm: oss: various fixes Takashi Iwai
2021-12-01 7:36 ` [PATCH 1/3] ALSA: pcm: oss: Fix negative period/buffer sizes Takashi Iwai
2021-12-01 7:36 ` Takashi Iwai [this message]
2021-12-01 7:36 ` [PATCH 3/3] ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() Takashi Iwai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211201073606.11660-3-tiwai@suse.de \
--to=tiwai@suse.de \
--cc=alsa-devel@alsa-project.org \
--cc=cuibixuan@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.