linux/sound/core
Takashi Iwai 175b8d89fe ALSA: pcm: oss: Fix potential out-of-bounds shift
syzbot spotted a potential out-of-bounds shift in the PCM OSS layer
where it calculates the buffer size with the arbitrary shift value
given via an ioctl.

Add a range check for avoiding the undefined behavior.
As the value can be treated by a signed integer, the max shift should
be 30.

Reported-by: syzbot+df7dc146ebdd6435eea3@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20201209084552.17109-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2020-12-14 09:10:39 +01:00
..
oss ALSA: pcm: oss: Fix potential out-of-bounds shift 2020-12-14 09:10:39 +01:00
seq ALSA: seq: Use bool for snd_seq_queue internal flags 2020-12-06 09:35:53 +01:00
compress_offload.c ALSA: compress: allow pause and resume during draining 2020-11-27 19:45:05 +01:00
control_compat.c ALSA: compat_ioctl: avoid compat_alloc_user_space 2020-09-21 10:37:07 +02:00
control.c ALSA: ctl: fix error path at adding user-defined element set 2020-11-13 11:33:55 +01:00
ctljack.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
device.c ALSA: core: Add snd_device_get_state() helper 2020-03-23 18:09:19 +01:00
hrtimer.c ALSA: timer: Replace tasklet with work 2020-09-09 18:32:52 +02:00
hwdep_compat.c ALSA: compat_ioctl: avoid compat_alloc_user_space 2020-09-21 10:37:07 +02:00
hwdep.c ALSA: compat_ioctl: avoid compat_alloc_user_space 2020-09-21 10:37:07 +02:00
info_oss.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
info.c ALSA: info: Drop WARN_ON() from buffer NULL sanity check 2020-07-17 10:59:38 +02:00
init.c ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro 2020-09-03 09:26:38 +02:00
isadma.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
jack.c ALSA: jack: More constification 2020-01-05 16:14:57 +01:00
Kconfig ALSA: control: Add verification for kctl accesses 2020-01-04 09:37:59 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
memalloc.c ALSA: core: memalloc: fix fallthrough position 2020-09-03 09:24:49 +02:00
memory.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
misc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
pcm_compat.c ALSA: pcm: Fix sparse warnings wrt snd_pcm_state_t 2020-01-31 16:23:13 +01:00
pcm_dmaengine.c ALSA: fix kernel-doc markups 2020-10-26 15:26:31 +01:00
pcm_drm_eld.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
pcm_iec958.c ALSA: core: pcm_iec958: fix kernel-doc 2020-07-07 10:22:33 +02:00
pcm_lib.c ALSA: fix kernel-doc markups 2020-10-26 15:26:31 +01:00
pcm_local.h ALSA: pcm: Make snd_pcm_hw_constraints_init() and _complete() static 2020-01-16 17:29:33 +01:00
pcm_memory.c ALSA: core: pcm_memory: dereference pointer after NULL checks 2020-09-03 09:24:58 +02:00
pcm_misc.c ASoC: Updates for v5.7 2020-03-30 13:43:00 +02:00
pcm_native.c ALSA: fix kernel-doc markups 2020-10-26 15:26:31 +01:00
pcm_param_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm_timer.c ALSA: timer: Constify snd_timer_hardware definitions 2020-01-03 09:24:07 +01:00
pcm_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm.c ALSA: core: pcm: simplify locking for timers 2020-09-03 09:24:33 +02:00
rawmidi_compat.c ALSA: Avoid using timespec for struct snd_rawmidi_status 2019-12-11 22:06:16 +01:00
rawmidi.c ALSA: rawmidi: Access runtime->avail always in spinlock 2020-12-06 09:36:10 +01:00
seq_device.c ALSA: core: Constify snd_device_ops definitions 2020-01-03 09:23:51 +01:00
sgbuf.c ALSA: memalloc: Make SG-buffer helper usable for continuous buffer, too 2020-06-15 18:01:52 +02:00
sound_oss.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
sound.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
timer_compat.c ALSA: Avoid using timespec for struct snd_timer_tread 2019-12-13 11:25:57 +01:00
timer.c ALSA: timer: Replace tasklet with work 2020-09-09 18:32:52 +02:00
vmaster.c ALSA: Replace the word "slave" in vmaster API 2020-07-20 10:10:47 +02:00