mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity

ALSA: wavefront: copy userspace array safely 

wavefront_fx.c utilizes memdup_user() to copy a userspace array. This
does not check for an overflow.

Use the new wrapper memdup_array_user() to copy the array more safely.

Suggested-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Philipp Stanner <pstanner@redhat.com>
Link: https://lore.kernel.org/r/20231102190309.50891-2-pstanner@redhat.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
This commit is contained in:
Philipp Stanner 2023-11-02 20:03:10 +01:00 committed by Takashi Iwai
parent d04ce4113c
commit 5a77457232
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sound/isa/wavefront/wavefront_fx.c
View File

@ -191,9 +191,9 @@ snd_wavefront_fx_ioctl (struct snd_hwdep *sdev, struct file *file,
"> 512 bytes to FX\n");
return -EIO;
}
page_data = memdup_user((unsigned char __user *)
r.data[3],
r.data[2] * sizeof(short));
page_data = memdup_array_user((unsigned char __user *)
r.data[3],
r.data[2], sizeof(short));
if (IS_ERR(page_data))
return PTR_ERR(page_data);
pd = page_data;