From d3645b055399538415586ebaacaedebc1e5899b0 Mon Sep 17 00:00:00 2001
From: Xiaojun Sang <xsang@codeaurora.org>
Date: Mon, 21 Oct 2019 10:54:32 +0100
Subject: [PATCH] ASoC: compress: fix unsigned integer overflow check
Git-commit: d3645b055399538415586ebaacaedebc1e5899b0
Patch-mainline: v5.4-rc7
References: bsc#1051510
Parameter fragments and fragment_size are type of u32. U32_MAX is
the correct check.
Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Acked-by: Vinod Koul <vkoul@kernel.org>
Link: https://lore.kernel.org/r/20191021095432.5639-1-srinivas.kandagatla@linaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Acked-by: Takashi Iwai <tiwai@suse.de>
---
sound/core/compress_offload.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c
index 99b882158705..942af8c29b79 100644
--- a/sound/core/compress_offload.c
+++ b/sound/core/compress_offload.c
@@ -528,7 +528,7 @@ static int snd_compress_check_input(struct snd_compr_params *params)
{
/* first let's check the buffer parameter's */
if (params->buffer.fragment_size == 0 ||
- params->buffer.fragments > INT_MAX / params->buffer.fragment_size ||
+ params->buffer.fragments > U32_MAX / params->buffer.fragment_size ||
params->buffer.fragments == 0)
return -EINVAL;
--
2.16.4