ALSA: compress: fix an integer overflow check
authorDan Carpenter <dan.carpenter@oracle.com>
Wed, 16 Jul 2014 06:37:04 +0000 (09:37 +0300)
committerTakashi Iwai <tiwai@suse.de>
Wed, 16 Jul 2014 13:27:03 +0000 (15:27 +0200)
commit6217e5ede23285ddfee10d2e4ba0cc2d4c046205
tree568d58db520a580ce8070d55d695ec854d8d9bea
parent892028acf020e5f9f8e8894b404400b360f5fe4f
ALSA: compress: fix an integer overflow check

I previously added an integer overflow check here but looking at it now,
it's still buggy.

The bug happens in snd_compr_allocate_buffer().  We multiply
".fragments" and ".fragment_size" and that doesn't overflow but then we
save it in an unsigned int so it truncates the high bits away and we
allocate a smaller than expected size.

Fixes: b35cc8225845 ('ALSA: compress_core: integer overflow in snd_compr_allocate_buffer()')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
sound/core/compress_offload.c