Message ID | 20241018060018.1189537-1-shum.sdl@nppct.ru (mailing list archive) |
---|---|
State | Accepted |
Commit | 72cafe63b35d06b5cfbaf807e90ae657907858da |
Headers | show |
Series | ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() | expand |
Hi, On Fri, Oct 18, 2024 at 09:00:18AM +0300, Andrey Shumilin wrote: > The step variable is initialized to zero. It is changed in the loop, > but if it's not changed it will remain zero. Add a variable check > before the division. > > The observed behavior was introduced by commit 826b5de90c0b > ("ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size"), > and it is difficult to show that any of the interval parameters will > satisfy the snd_interval_test() condition with data from the > amdtp_rate_table[] table. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: 826b5de90c0b ("ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size") > Signed-off-by: Andrey Shumilin <shum.sdl@nppct.ru> > --- > sound/firewire/amdtp-stream.c | 3 +++ > 1 file changed, 3 insertions(+) I think it a good catch. Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Regards Takashi Sakamoto
On Fri, 18 Oct 2024 08:00:18 +0200, Andrey Shumilin wrote: > > The step variable is initialized to zero. It is changed in the loop, > but if it's not changed it will remain zero. Add a variable check > before the division. > > The observed behavior was introduced by commit 826b5de90c0b > ("ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size"), > and it is difficult to show that any of the interval parameters will > satisfy the snd_interval_test() condition with data from the > amdtp_rate_table[] table. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: 826b5de90c0b ("ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size") > Signed-off-by: Andrey Shumilin <shum.sdl@nppct.ru> Applied now. Thanks. Takashi
diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c index 4e2f2bb7879f..6c45ee3545f9 100644 --- a/sound/firewire/amdtp-stream.c +++ b/sound/firewire/amdtp-stream.c @@ -163,6 +163,9 @@ static int apply_constraint_to_size(struct snd_pcm_hw_params *params, step = max(step, amdtp_syt_intervals[i]); } + if (step == 0) + return -EINVAL; + t.min = roundup(s->min, step); t.max = rounddown(s->max, step); t.integer = 1;
The step variable is initialized to zero. It is changed in the loop, but if it's not changed it will remain zero. Add a variable check before the division. The observed behavior was introduced by commit 826b5de90c0b ("ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size"), and it is difficult to show that any of the interval parameters will satisfy the snd_interval_test() condition with data from the amdtp_rate_table[] table. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 826b5de90c0b ("ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size") Signed-off-by: Andrey Shumilin <shum.sdl@nppct.ru> --- sound/firewire/amdtp-stream.c | 3 +++ 1 file changed, 3 insertions(+)