Commit 8839c8c0 authored by Takashi Iwai's avatar Takashi Iwai

ALSA: pcm: oss: Limit the period size to 16MB

Set the practical limit to the period size (the fragment shift in OSS)
instead of a full 31bit; a too large value could lead to the exhaust
of memory as we allocate temporary buffers of the period size, too.

As of this patch, we set to 16MB limit, which should cover all use
cases.

Reported-by: syzbot+bb348e9f9a954d42746f@syzkaller.appspotmail.com
Reported-by: default avatarBixuan Cui <cuibixuan@linux.alibaba.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/1638270978-42412-1-git-send-email-cuibixuan@linux.alibaba.com
Link: https://lore.kernel.org/r/20211201073606.11660-3-tiwai@suse.deSigned-off-by: default avatarTakashi Iwai <tiwai@suse.de>
parent 9d2479c9
...@@ -1962,7 +1962,7 @@ static int snd_pcm_oss_set_fragment1(struct snd_pcm_substream *substream, unsign ...@@ -1962,7 +1962,7 @@ static int snd_pcm_oss_set_fragment1(struct snd_pcm_substream *substream, unsign
if (runtime->oss.subdivision || runtime->oss.fragshift) if (runtime->oss.subdivision || runtime->oss.fragshift)
return -EINVAL; return -EINVAL;
fragshift = val & 0xffff; fragshift = val & 0xffff;
if (fragshift >= 31) if (fragshift >= 25) /* should be large enough */
return -EINVAL; return -EINVAL;
runtime->oss.fragshift = fragshift; runtime->oss.fragshift = fragshift;
runtime->oss.maxfrags = (val >> 16) & 0xffff; runtime->oss.maxfrags = (val >> 16) & 0xffff;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment