-
Dan Carpenter authored
This patch doesn't change runtime at all, it's just for kernel hardening. The "count" here comes from the user and on 32bit systems, it leads to integer wrapping when we pass it to compute_user_elem_size(): alloc_size = compute_user_elem_size(private_size, count); However, the integer over is harmless because later "count" is checked when we pass it to snd_ctl_new(): err = snd_ctl_new(&kctl, count, access, file); These days as part of kernel hardening we're trying to avoid integer overflows when they affect size_t type. So to avoid the integer overflow copy the check from snd_ctl_new() and do it at the start of the snd_ctl_elem_add() function as well. Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Reviewed-by: Jaroslav Kysela <perex@perex.cz> Link: https://patch.msgid.link/5457e8c1-01ff-4dd9-b49c-15b817f65ee7@stanley.mountainSigned-off-by: Takashi Iwai <tiwai@suse.de>
a04dae6f