From e71eb028dac0c06663580cc50bf28782d25d287d Mon Sep 17 00:00:00 2001 From: Andrey Shumilin Date: Tue, 19 Nov 2024 09:27:26 +0800 Subject: [PATCH] ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() stable inclusion from stable-v5.10.229 commit 5e431f85c87bbffd93a9830d5a576586f9855291 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB2YWV CVE: CVE-2024-50205 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5e431f85c87bbffd93a9830d5a576586f9855291 -------------------------------- [ Upstream commit 72cafe63b35d06b5cfbaf807e90ae657907858da ] The step variable is initialized to zero. It is changed in the loop, but if it's not changed it will remain zero. Add a variable check before the division. The observed behavior was introduced by commit 826b5de90c0b ("ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size"), and it is difficult to show that any of the interval parameters will satisfy the snd_interval_test() condition with data from the amdtp_rate_table[] table. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 826b5de90c0b ("ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size") Signed-off-by: Andrey Shumilin Reviewed-by: Takashi Sakamoto Link: https://patch.msgid.link/20241018060018.1189537-1-shum.sdl@nppct.ru Signed-off-by: Takashi Iwai Signed-off-by: Sasha Levin Signed-off-by: Gu Bowen --- sound/firewire/amdtp-stream.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c index 7a282d8e7148..bd272ab2048e 100644 --- a/sound/firewire/amdtp-stream.c +++ b/sound/firewire/amdtp-stream.c @@ -163,6 +163,9 @@ static int apply_constraint_to_size(struct snd_pcm_hw_params *params, step = max(step, amdtp_syt_intervals[i]); } + if (step == 0) + return -EINVAL; + t.min = roundup(s->min, step); t.max = rounddown(s->max, step); t.integer = 1; -- Gitee