Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-09-21 07:23:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
e8991d1d64
linux/sound/core
History
Arnd Bergmann e8991d1d64 ALSA: core: fix buffer overflow in test_format_fill_silence() 
KASAN caught a buffer overflow with the hardcoded 2048 byte buffer
size, when 2080 bytes are written to it:

 BUG: KASAN: slab-out-of-bounds in snd_pcm_format_set_silence+0x3bc/0x3e4
 Write of size 8 at addr ffff0000c8149800 by task kunit_try_catch/1297

 CPU: 0 PID: 1297 Comm: kunit_try_catch Tainted: G N 6.8.0-rc4-next-20240216 #1
 Hardware name: linux,dummy-virt (DT)
 Call trace:
  kasan_report+0x78/0xc0
  __asan_report_store_n_noabort+0x1c/0x28
  snd_pcm_format_set_silence+0x3bc/0x3e4
  _test_fill_silence+0xdc/0x298
  test_format_fill_silence+0x110/0x228
  kunit_try_run_case+0x144/0x3bc
  kunit_generic_run_threadfn_adapter+0x50/0x94
  kthread+0x330/0x3e8
  ret_from_fork+0x10/0x20

 Allocated by task 1297:
  __kmalloc+0x17c/0x2f0
  kunit_kmalloc_array+0x2c/0x78
  test_format_fill_silence+0xcc/0x228
  kunit_try_run_case+0x144/0x3bc
  kunit_generic_run_threadfn_adapter+0x50/0x94
  kthread+0x330/0x3e8
  ret_from_fork+0x10/0x20

Replace the incorrect size with the correct length of 260 64-bit samples.

Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Suggested-by: Ivan Orlov <ivan.orlov0322@gmail.com>
Fixes: 3e39acf56e ("ALSA: core: Add sound core KUnit test")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
Acked-by: Ivan Orlov <ivan.orlov0322@gmail.com>
Link: https://lore.kernel.org/r/20240217104311.3749655-1-arnd@kernel.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2024-02-19 09:21:55 +01:00
..
oss ALSA: control: Introduce unlocked version for snd_ctl_find_*() helpers 2023-07-20 10:03:00 +02:00
seq ALSA: avoid 'bool' as variable name 2024-02-16 14:47:13 +01:00
compress_offload.c ALSA: compress: Don't embed device 2023-08-17 09:24:15 +02:00
control_compat.c ALSA: control: Replace with __packed attribute 2023-10-26 09:42:43 +02:00
control_led.c ALSA: control: Don't embed ctl_dev 2023-08-17 09:23:30 +02:00
control.c ALSA: control: Don't embed ctl_dev 2023-08-17 09:23:30 +02:00
ctljack.c ALSA: Convert strlcpy to strscpy when return value is unused 2021-01-08 09:30:05 +01:00
device.c ALSA: core: Fix missing return value comments for kernel docs 2022-07-13 13:42:38 +02:00
hrtimer.c ALSA: timer: Replace tasklet with work 2020-09-09 18:32:52 +02:00
hwdep_compat.c ALSA: compat_ioctl: avoid compat_alloc_user_space 2020-09-21 10:37:07 +02:00
hwdep.c ALSA: hwdep: Don't embed device 2023-08-17 09:24:01 +02:00
info_oss.c ALSA: oss: remove useless NULL check before kfree 2021-12-06 10:08:13 +01:00
info.c ALSA: info: Fix potential deadlock at disconnection 2023-11-09 16:06:33 +01:00
init.c ALSA: core: Use dev_name of card_dev as debugfs directory name 2023-09-12 15:30:37 +02:00
isadma.c sound updates for 6.0-rc1 2022-08-06 10:19:51 -07:00
jack.c ALSA: control: Take controls_rwsem lock in snd_ctl_remove() 2023-07-20 10:01:27 +02:00
Kconfig ALSA: core: Fix dependencies for SND_CORE_TEST 2024-02-02 09:16:46 +01:00
Makefile ALSA: core: Add sound core KUnit test 2024-01-30 14:11:37 +01:00
memalloc_local.h ALSA: memalloc: remove snd_dma_sg_ops declaration 2022-09-09 09:09:40 +02:00
memalloc.c ALSA: memalloc: Workaround for Xen PV 2023-01-27 09:16:24 +01:00
memory.c ALSA: core: Add memory copy helpers between iov_iter and iomem 2023-08-18 12:18:16 +02:00
misc.c ALSA: core: Add async signal helpers 2022-07-29 12:57:10 +02:00
pcm_compat.c ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl 2023-08-29 16:03:11 +02:00
pcm_dmaengine.c ALSA: dmaengine: increment buffer pointer atomically 2022-09-27 08:55:05 +02:00
pcm_drm_eld.c drm/edid: include drm_eld.h only where required 2023-11-09 16:47:31 +02:00
pcm_iec958.c ALSA: iec958: Split status creation and fill 2021-06-08 17:05:41 +02:00
pcm_lib.c ALSA: hda: Upgrade stream-format infrastructure 2023-11-27 17:27:41 +01:00
pcm_local.h ALSA: pcm: Revert "ALSA: pcm: rewrite snd_pcm_playback_silence()" 2023-05-05 18:23:48 +02:00
pcm_memory.c ALSA: pcm: Fix potential data race at PCM memory allocation helpers 2023-07-03 14:52:27 +02:00
pcm_misc.c ALSA: pcm: Test for "silence" field in struct "pcm_format_data" 2022-04-11 09:27:56 +02:00
pcm_native.c ALSA: pcm: Introduce MSBITS subformat interface 2023-11-27 17:24:26 +01:00
pcm_param_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm_timer.c ALSA: timer: Constify snd_timer_hardware definitions 2020-01-03 09:24:07 +01:00
pcm_trace.h ALSA: pcm: fix tracing reason in hw_ptr_error 2022-11-28 14:55:41 +01:00
pcm.c ALSA: pcm: Fix snd_pcm_format_name function 2024-01-30 14:11:29 +01:00
rawmidi_compat.c ALSA: rawmidi: Replace with __packed attribute 2023-10-26 09:42:55 +02:00
rawmidi.c ALSA: rawmidi: Fix NULL dereference at proc read 2023-09-16 08:08:05 +02:00
seq_device.c ALSA: seq: make snd_seq_bus_type const 2024-02-15 13:48:03 +01:00
sound_kunit.c ALSA: core: fix buffer overflow in test_format_fill_silence() 2024-02-19 09:21:55 +01:00
sound_oss.c ALSA: oss: Fix potential deadlock at unregistration 2022-10-11 09:02:43 +02:00
sound.c ALSA: core: Fix assignment in if condition 2021-06-09 17:30:22 +02:00
timer_compat.c ALSA: Convert strlcpy to strscpy when return value is unused 2021-01-08 09:30:05 +01:00
timer.c ALSA: timer: Create device with snd_device_alloc() 2023-08-17 09:24:21 +02:00
ump_convert.c ALSA: ump: Correct wrong byte size at converting a UMP System message 2023-06-28 11:44:30 +02:00
ump.c ALSA: ump: Fix -Wformat-truncation warnings 2023-08-26 09:22:18 +02:00
vmaster.c ALSA: vmaster: Add snd_ctl_add_followers() helper 2023-07-21 09:37:47 +02:00