korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-11 04:18:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

ALSA: wavefront: copy userspace array safely

Browse Source 
wavefront_fx.c utilizes memdup_user() to copy a userspace array. This
does not check for an overflow.

Use the new wrapper memdup_array_user() to copy the array more safely.

Suggested-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Philipp Stanner <pstanner@redhat.com>
Link: https://lore.kernel.org/r/20231102190309.50891-2-pstanner@redhat.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
This commit is contained in:
Philipp Stanner 2023-11-02 20:03:10 +01:00 committed by Takashi Iwai
parent d04ce4113c
commit 5a77457232
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sound/isa/wavefront/wavefront_fx.c
View File

@ -191,9 +191,9 @@ snd_wavefront_fx_ioctl (struct snd_hwdep *sdev, struct file *file,
"> 512 bytes to FX\n");
return -EIO;
}
page_data = memdup_user((unsigned char __user *)
r.data[3],
r.data[2] * sizeof(short));
page_data = memdup_array_user((unsigned char __user *)
r.data[3],
r.data[2], sizeof(short));
if (IS_ERR(page_data))
return PTR_ERR(page_data);
pd = page_data;