android-mainline/ANDROID-ASoC-compress-fix-unsigned-integer-overflow-check.patch - kernel/common-patches - Git at Google

 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Xiaojun Sang <xsang@codeaurora.org>
 Date: Wed, 1 Jun 2016 11:26:45 +0800
 Subject: ANDROID: ASoC: compress: fix unsigned integer overflow check

 Parameter fragments and fragment_size are type of u32. U32_MAX is
 the correct check.

 CRs-Fixed: 1014726
 Bug: 142489397
 Change-Id: Ia6d4755408646ac4a75724f3c6f2177651875da3
 Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
 Signed-off-by: Meng Wang <mwang@codeaurora.org>
 ---
  sound/core/compress_offload.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c
 index 41905afada63..f34ce564d92c 100644
 --- a/sound/core/compress_offload.c
 +++ b/sound/core/compress_offload.c
 @@ -528,7 +528,7 @@ static int snd_compress_check_input(struct snd_compr_params *params)
  {
  	/* first let's check the buffer parameter's */
  	if (params->buffer.fragment_size == 0 ||
 -	    params->buffer.fragments > INT_MAX / params->buffer.fragment_size ||
 +	    params->buffer.fragments > U32_MAX / params->buffer.fragment_size ||
  	    params->buffer.fragments == 0)
  		return -EINVAL;
	From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
	From: Xiaojun Sang <xsang@codeaurora.org>
	Date: Wed, 1 Jun 2016 11:26:45 +0800
	Subject: ANDROID: ASoC: compress: fix unsigned integer overflow check

	Parameter fragments and fragment_size are type of u32. U32_MAX is
	the correct check.

	CRs-Fixed: 1014726
	Bug: 142489397
	Change-Id: Ia6d4755408646ac4a75724f3c6f2177651875da3
	Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
	Signed-off-by: Meng Wang <mwang@codeaurora.org>
	---
	sound/core/compress_offload.c \| 2 +-
	1 file changed, 1 insertion(+), 1 deletion(-)

	diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c
	index 41905afada63..f34ce564d92c 100644
	--- a/sound/core/compress_offload.c
	+++ b/sound/core/compress_offload.c
	@@ -528,7 +528,7 @@ static int snd_compress_check_input(struct snd_compr_params *params)
	{
	/* first let's check the buffer parameter's */
	if (params->buffer.fragment_size == 0 \|\|
	- params->buffer.fragments > INT_MAX / params->buffer.fragment_size \|\|
	+ params->buffer.fragments > U32_MAX / params->buffer.fragment_size \|\|
	params->buffer.fragments == 0)
	return -EINVAL;