• T
    ALSA: firewire-lib: fix buffer-over-run when detecting packet discontinuity · 31ea49ba
    Takashi Sakamoto 提交于
    When detecting packet discontinuity, handle_in_packet() returns minus value
    and this value is assigned to unsigned int variable, then the variable has
    huge value. As a result, the variable causes buffer-over-run in
    handle_out_packet(). This brings invalid page request and system hangup.
    
    This commit fixes the bug to add a new argument into handle_in_packet()
    and the number of handled data blocks is assignd to it. The function
    return value is just used to check error.
    
    I also considered to change the type of local variable to 'int' in
    in_stream_callback(). This idea is based on type-conversion in C standard,
    while it may cause future problems when adding more works. Thus, I dropped
    this idea.
    
    Fixes: 6fc6b9ce('ALSA: firewire-lib: pass the number of data blocks in incoming packets to outgoing packets')
    Reported-by: NDan Carpenter <dan.carpenter@oracle.com>
    Signed-off-by: NTakashi Sakamoto <o-takashi@sakamocchi.jp>
    Signed-off-by: NTakashi Iwai <tiwai@suse.de>
    31ea49ba
amdtp.c 29.7 KB