On Tue 2019-12-03 23:31:10, Greg Kroah-Hartman wrote:
From: Xiaojun Sang xsang@codeaurora.org
[ Upstream commit d3645b055399538415586ebaacaedebc1e5899b0 ]
Parameter fragments and fragment_size are type of u32. U32_MAX is the correct check.
Why is this in stable? I doubt raising limit from 2GB to 4GB can be called bugfix... kmalloc() will have problems allocating huge amount of memory, anyway.
Best regards,
Pavel
+++ b/sound/core/compress_offload.c @@ -529,7 +529,7 @@ static int snd_compress_check_input(struct snd_compr_params *params) { /* first let's check the buffer parameter's */ if (params->buffer.fragment_size == 0 ||
params->buffer.fragments > INT_MAX / params->buffer.fragment_size ||
return -EINVAL;params->buffer.fragments > U32_MAX / params->buffer.fragment_size || params->buffer.fragments == 0)
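Review bot: the new bound in snd_compress_check_input(), `params->buffer.fragments > U32_MAX / params->buffer.fragment_size`, only guarantees that fragments * fragment_size fits in an unsigned 32-bit value, so it now accepts products above INT_MAX that the old check rejected. The commit message should state which failure the INT_MAX bound caused, and confirm that every consumer of the product holds it in an unsigned type, because a signed int would see those values as negative. If the goal is only to prevent multiplication overflow, consider keeping a separate explicit upper limit on the total buffer size rather than letting the type width define the maximum.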