Commit 5a774572 authored by Philipp Stanner's avatar Philipp Stanner Committed by Takashi Iwai

ALSA: wavefront: copy userspace array safely

wavefront_fx.c utilizes memdup_user() to copy a userspace array. This
does not check for an overflow.

Use the new wrapper memdup_array_user() to copy the array more safely.
Suggested-by: default avatarDave Airlie <airlied@redhat.com>
Signed-off-by: default avatarPhilipp Stanner <pstanner@redhat.com>
Link: https://lore.kernel.org/r/20231102190309.50891-2-pstanner@redhat.comSigned-off-by: default avatarTakashi Iwai <tiwai@suse.de>
parent d04ce411
...@@ -191,9 +191,9 @@ snd_wavefront_fx_ioctl (struct snd_hwdep *sdev, struct file *file, ...@@ -191,9 +191,9 @@ snd_wavefront_fx_ioctl (struct snd_hwdep *sdev, struct file *file,
"> 512 bytes to FX\n"); "> 512 bytes to FX\n");
return -EIO; return -EIO;
} }
page_data = memdup_user((unsigned char __user *) page_data = memdup_array_user((unsigned char __user *)
r.data[3], r.data[3],
r.data[2] * sizeof(short)); r.data[2], sizeof(short));
if (IS_ERR(page_data)) if (IS_ERR(page_data))
return PTR_ERR(page_data); return PTR_ERR(page_data);
pd = page_data; pd = page_data;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment