    ALSA: pcm: oss: Avoid potential buffer overflows · 4cc8d650
    Takashi Iwai authored
    syzkaller reported an invalid access in PCM OSS read, and this seems
    to be an overflow of the internal buffer allocated for a plugin.
    Since the rate plugin adjusts its transfer size dynamically, the
    calculation for the chained plugin might be bigger than the given
    buffer size in some extreme cases, which leads to such a buffer
    overflow as caught by KASAN.
    
    Fix it by limiting the max transfer size properly by checking against
    the destination size in each plugin transfer callback.
    
    Reported-by: syzbot+f153bde47a62e0b05f83@syzkaller.appspotmail.com
    Cc: <stable@vger.kernel.org>
    Link: https://lore.kernel.org/r/20191204144824.17801-1-tiwai@suse.de
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
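The clamp the commit message describes, as an added user-space example (not the kernel patch and not code from this page): a rate stage's rounded-up frame count exceeds the next stage's buffer, and the transfer callback limits the copy to the destination size. All names (`chan_buf`, `rate_out_frames`, `transfer_clamped`), the buffer sizes and the sample rates are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed user-space model; names are hypothetical, not kernel API. */
struct chan_buf {
    int16_t *area;   /* sample storage */
    size_t frames;   /* capacity of area, in frames */
};

/* Destination sized for 32 frames, followed by a guard word. */
static struct { int16_t buf[32]; int16_t guard; } dst_mem = { {0}, 0x5a5a };
static int16_t src_mem[64];

/* Frames a rate stage emits for in_frames of input, rounded up. */
static size_t rate_out_frames(size_t in_frames, unsigned src_rate, unsigned dst_rate)
{
    return (in_frames * dst_rate + src_rate - 1) / src_rate;
}

/* Transfer callback: do not trust the caller's count, clamp to both buffers. */
static size_t transfer_clamped(const struct chan_buf *src, struct chan_buf *dst, size_t frames)
{
    if (frames > src->frames)
        frames = src->frames;
    if (frames > dst->frames)
        frames = dst->frames;   /* the check against the destination size */
    memcpy(dst->area, src->area, frames * sizeof(int16_t));
    return frames;
}

/* Constructed chain: 30 frames at 44100 Hz resampled to 48000 Hz. */
static size_t demo_chain(void)
{
    struct chan_buf src = { src_mem, 64 };
    struct chan_buf dst = { dst_mem.buf, 32 };
    size_t want = rate_out_frames(30, 44100, 48000);   /* 33, one more than dst holds */
    memset(src_mem, 0x11, sizeof(src_mem));
    return transfer_clamped(&src, &dst, want);
}

static int guard_intact(void) { return dst_mem.guard == 0x5a5a; }

int main(void)
{
    printf("written=%zu guard_intact=%d\n", demo_chain(), guard_intact());
    return 0;
}
```

Without the second clamp the `memcpy` would write 33 frames into a 32-frame buffer and overwrite the guard word.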
linear.c 5.73 KB