diff mbox series

ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()

Message ID 20241018060018.1189537-1-shum.sdl@nppct.ru (mailing list archive)
State Accepted
Commit 72cafe63b35d06b5cfbaf807e90ae657907858da
Headers show
Series ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() | expand

Commit Message

Andrey Shumilin Oct. 18, 2024, 6 a.m. UTC
The step variable is initialized to zero. It is changed in the loop,
but if it's not changed it will remain zero. Add a variable check
before the division.

The observed behavior was introduced by commit 826b5de90c0b
("ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size"),
and it is difficult to show that any of the interval parameters will
satisfy the snd_interval_test() condition with data from the
amdtp_rate_table[] table.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 826b5de90c0b ("ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size")
Signed-off-by: Andrey Shumilin <shum.sdl@nppct.ru>
---
 sound/firewire/amdtp-stream.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Takashi Sakamoto Oct. 20, 2024, 10:05 p.m. UTC | #1
Hi,

On Fri, Oct 18, 2024 at 09:00:18AM +0300, Andrey Shumilin wrote:
> The step variable is initialized to zero. It is changed in the loop,
> but if it's not changed it will remain zero. Add a variable check
> before the division.
> 
> The observed behavior was introduced by commit 826b5de90c0b
> ("ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size"),
> and it is difficult to show that any of the interval parameters will
> satisfy the snd_interval_test() condition with data from the
> amdtp_rate_table[] table.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: 826b5de90c0b ("ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size")
> Signed-off-by: Andrey Shumilin <shum.sdl@nppct.ru>
> ---
>  sound/firewire/amdtp-stream.c | 3 +++
>  1 file changed, 3 insertions(+)

I think it a good catch.

Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>


Regards

Takashi Sakamoto
Takashi Iwai Oct. 21, 2024, 7:09 a.m. UTC | #2
On Fri, 18 Oct 2024 08:00:18 +0200,
Andrey Shumilin wrote:
> 
> The step variable is initialized to zero. It is changed in the loop,
> but if it's not changed it will remain zero. Add a variable check
> before the division.
> 
> The observed behavior was introduced by commit 826b5de90c0b
> ("ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size"),
> and it is difficult to show that any of the interval parameters will
> satisfy the snd_interval_test() condition with data from the
> amdtp_rate_table[] table.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: 826b5de90c0b ("ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size")
> Signed-off-by: Andrey Shumilin <shum.sdl@nppct.ru>

Applied now.  Thanks.


Takashi
diff mbox series

Patch

diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c
index 4e2f2bb7879f..6c45ee3545f9 100644
--- a/sound/firewire/amdtp-stream.c
+++ b/sound/firewire/amdtp-stream.c
@@ -163,6 +163,9 @@  static int apply_constraint_to_size(struct snd_pcm_hw_params *params,
 			step = max(step, amdtp_syt_intervals[i]);
 	}
 
+	if (step == 0)
+		return -EINVAL;
+
 	t.min = roundup(s->min, step);
 	t.max = rounddown(s->max, step);
 	t.integer = 1;