linux_dsm_epyc7002/sound
Silvio Cesare c407cd008f
ASoC: imx-audmux: change snprintf to scnprintf for possible overflow
Change snprintf to scnprintf. There are generally two cases where using
snprintf causes problems.

1) Uses of size += snprintf(buf, SIZE - size, fmt, ...)
In this case, if snprintf would have written more characters than what the
buffer size (SIZE) is, then size will end up larger than SIZE. In later
uses of snprintf, SIZE - size will result in a negative number, leading
to problems. Note that size might already be too large by using
size = snprintf before the code reaches a case of size += snprintf.

2) If size is ultimately used as a length parameter for a copy back to user
space, then it will potentially allow for a buffer overflow and information
disclosure when size is greater than SIZE. When the size is used to index
the buffer directly, we can have memory corruption. This also means when
size = snprintf... is used, it may also cause problems since size may become
large.  Copying to userspace is mitigated by the HARDENED_USERCOPY kernel
configuration.

The solution to these issues is to use scnprintf which returns the number of
characters actually written to the buffer, so the size variable will never
exceed SIZE.

Signed-off-by: Silvio Cesare <silvio.cesare@gmail.com>
Cc: Timur Tabi <timur@kernel.org>
Cc: Nicolin Chen <nicoleotsuka@gmail.com>
Cc: Mark Brown <broonie@kernel.org>
Cc: Xiubo Li <Xiubo.Lee@gmail.com>
Cc: Fabio Estevam <fabio.estevam@nxp.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Acked-by: Nicolin Chen <nicoleotsuka@gmail.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
2019-01-15 19:06:08 +00:00
..
ac97 ALSA: ac97: fix unbalanced pm_runtime_enable 2018-08-19 18:37:04 +02:00
aoa ALSA: aoa: Convert to using %pOFn instead of device_node.name 2018-09-03 23:41:57 +02:00
arm ASoC: pxa: switch to new ac97 bus support 2018-09-10 18:47:58 +01:00
atmel
core ALSA: compress: prevent potential divide by zero bugs 2019-01-03 16:32:57 +00:00
drivers ALSA: opl3: Mark expected switch fall-through 2018-08-08 21:40:14 +02:00
firewire ALSA: fireface: fix reference to wrong register for clock configuration 2018-12-09 09:37:44 +01:00
hda sound updates for 4.20 2018-10-25 09:00:15 -07:00
i2c ALSA: i2c/cs8427: Fix int to char conversion 2018-10-18 15:44:08 +02:00
isa ALSA: wss: Fix invalid snd_free_pages() at error path 2018-11-24 19:55:59 +01:00
mips ALSA: mips: Cleanup indirect PCM helper usages 2018-09-04 12:13:46 +02:00
oss treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
parisc
pci ALSA: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 2018-12-10 11:25:22 +01:00
pcmcia Merge branch 'for-linus' into topic/virmidi 2018-07-29 22:39:29 +02:00
ppc powerpc/ps3: Set driver coherent_dma_mask 2018-07-20 12:50:37 +10:00
sh
soc ASoC: imx-audmux: change snprintf to scnprintf for possible overflow 2019-01-15 19:06:08 +00:00
sparc ALSA: sparc: Fix invalid snd_free_pages() at error path 2018-11-24 19:56:15 +01:00
spi
synth ALSA: synth: Remove empty init and exit 2018-08-03 16:11:53 +02:00
usb ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c 2018-12-03 16:09:38 +01:00
x86 ALSA: intel_hdmi: Use the new non-cached allocation 2018-08-28 13:56:49 +02:00
xen ALSA: xen-front: Refine indentations and constify snd_pcm_ops 2018-09-20 09:14:52 +02:00
ac97_bus.c
Kconfig ALSA: xen-front: Introduce Xen para-virtualized sound frontend driver 2018-05-16 12:58:36 +02:00
last.c
Makefile ALSA: xen-front: Introduce Xen para-virtualized sound frontend driver 2018-05-16 12:58:36 +02:00
sound_core.c sound: Use octal not symbolic permissions 2018-05-28 11:27:20 +02:00