From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753603Ab2AHNUW (ORCPT ); Sun, 8 Jan 2012 08:20:22 -0500 Received: from cantor2.suse.de ([195.135.220.15]:47719 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753563Ab2AHNUU (ORCPT ); Sun, 8 Jan 2012 08:20:20 -0500 Date: Sun, 08 Jan 2012 14:20:15 +0100 Message-ID: From: Takashi Iwai To: Xi Wang Cc: Jaroslav Kysela , Clemens Ladisch , Daniel Mack , Wolfgang Breyha , alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] ALSA: usb-audio: fix possible hang and overflow in parse_uac2_sample_rate_range() In-Reply-To: <780588F2-6183-44B3-8EB8-CB82FB3DD8A7@gmail.com> References: <1325698749-5353-1-git-send-email-xi.wang@gmail.com> <780588F2-6183-44B3-8EB8-CB82FB3DD8A7@gmail.com> User-Agent: Wanderlust/2.15.6 (Almost Unreal) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL/10.7 Emacs/23.3 (x86_64-suse-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org At Sun, 8 Jan 2012 07:45:09 -0500, Xi Wang wrote: > > On Jan 8, 2012, at 4:09 AM, Takashi Iwai wrote: > > As of now, I have little time to evaluate, so I might have missed > > something, but I wonder whether > > > > /* avoid overflow */ > > if (nr_rates == KMALLOC_MAX_SIZE / sizeof(int)) > > break; > > > > is the best way to check. This looks ugly to me. > > If we need to limit the number of rates, better to define some proper > > numbers as the upper limit. And then, it should warn, not only > > breaking loop. > > Thanks for looking into this. Yeah, I agree using something like > MAX_NR_RATES is better. Is 65535 okay or do we need a larger limit? It's way too higher than any realistic situation ;) I guess 1000 or such should suffice. thanks, Takashi From mboxrd@z Thu Jan 1 00:00:00 1970 From: Takashi Iwai Subject: Re: [PATCH] ALSA: usb-audio: fix possible hang and overflow in parse_uac2_sample_rate_range() Date: Sun, 08 Jan 2012 14:20:15 +0100 Message-ID: References: <1325698749-5353-1-git-send-email-xi.wang@gmail.com> <780588F2-6183-44B3-8EB8-CB82FB3DD8A7@gmail.com> Mime-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Received: from mx2.suse.de (cantor2.suse.de [195.135.220.15]) by alsa0.perex.cz (Postfix) with ESMTP id 21E8B24150 for ; Sun, 8 Jan 2012 14:20:23 +0100 (CET) In-Reply-To: <780588F2-6183-44B3-8EB8-CB82FB3DD8A7@gmail.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: alsa-devel-bounces@alsa-project.org Errors-To: alsa-devel-bounces@alsa-project.org To: Xi Wang Cc: alsa-devel@alsa-project.org, Clemens Ladisch , linux-kernel@vger.kernel.org, Daniel Mack , Wolfgang Breyha List-Id: alsa-devel@alsa-project.org At Sun, 8 Jan 2012 07:45:09 -0500, Xi Wang wrote: > > On Jan 8, 2012, at 4:09 AM, Takashi Iwai wrote: > > As of now, I have little time to evaluate, so I might have missed > > something, but I wonder whether > > > > /* avoid overflow */ > > if (nr_rates == KMALLOC_MAX_SIZE / sizeof(int)) > > break; > > > > is the best way to check. This looks ugly to me. > > If we need to limit the number of rates, better to define some proper > > numbers as the upper limit. And then, it should warn, not only > > breaking loop. > > Thanks for looking into this. Yeah, I agree using something like > MAX_NR_RATES is better. Is 65535 okay or do we need a larger limit? It's way too higher than any realistic situation ;) I guess 1000 or such should suffice. thanks, Takashi