linux/sound/core/oss
Takashi Iwai 4cc8d6505a ALSA: pcm: oss: Avoid potential buffer overflows
syzkaller reported an invalid access in PCM OSS read, and this seems
to be an overflow of the internal buffer allocated for a plugin.
Since the rate plugin adjusts its transfer size dynamically, the
calculation for the chained plugin might be bigger than the given
buffer size in some extreme cases, which lead to such an buffer
overflow as caught by KASAN.

Fix it by limiting the max transfer size properly by checking against
the destination size in each plugin transfer callback.

Reported-by: syzbot+f153bde47a62e0b05f83@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20191204144824.17801-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2019-12-04 15:51:30 +01:00
..
copy.c ALSA: Kill snd_assert() in sound/core/* 2008-08-13 11:46:35 +02:00
io.c ALSA: pcm: Build OSS writev/readv helpers conditionally 2017-06-02 19:38:26 +02:00
linear.c ALSA: pcm: oss: Avoid potential buffer overflows 2019-12-04 15:51:30 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mixer_oss.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
mulaw.c ALSA: pcm: oss: Avoid potential buffer overflows 2019-12-04 15:51:30 +01:00
pcm_oss.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
pcm_plugin.c ALSA: oss: Use kvzalloc() for local buffer allocations 2018-11-09 14:12:04 +01:00
pcm_plugin.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
rate.c ALSA: pcm: oss: Use struct_size() helper 2019-05-24 07:59:19 +02:00
route.c ALSA: pcm: oss: Avoid potential buffer overflows 2019-12-04 15:51:30 +01:00