forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/sound/core/oss
History
Takashi Iwai c6bebccd3c ALSA: pcm: oss: Avoid potential buffer overflows 
commit 4cc8d6505a upstream.

syzkaller reported an invalid access in PCM OSS read, and this seems
to be an overflow of the internal buffer allocated for a plugin.
Since the rate plugin adjusts its transfer size dynamically, the
calculation for the chained plugin might be bigger than the given
buffer size in some extreme cases, which lead to such an buffer
overflow as caught by KASAN.

Fix it by limiting the max transfer size properly by checking against
the destination size in each plugin transfer callback.

Reported-by: syzbot+f153bde47a62e0b05f83@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20191204144824.17801-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-12-13 08:52:37 +01:00
..
copy.c
io.c ALSA: pcm: Build OSS writev/readv helpers conditionally 2017-06-02 19:38:26 +02:00
linear.c ALSA: pcm: oss: Avoid potential buffer overflows 2019-12-13 08:52:37 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mixer_oss.c sound: Use octal not symbolic permissions 2018-05-28 11:27:20 +02:00
mulaw.c ALSA: pcm: oss: Avoid potential buffer overflows 2019-12-13 08:52:37 +01:00
pcm_oss.c ALSA: pcm: Fix possible OOB access in PCM oss plugins 2019-04-03 06:26:22 +02:00
pcm_plugin.c ALSA: pcm: signedness bug in snd_pcm_plug_alloc() 2019-11-20 18:45:23 +01:00
pcm_plugin.h ALSA: pcm: Build OSS writev/readv helpers conditionally 2017-06-02 19:38:26 +02:00
rate.c
route.c ALSA: pcm: oss: Avoid potential buffer overflows 2019-12-13 08:52:37 +01:00