From: Xiaojun Sang <xsang@codeaurora.org>
Date: Mon, 21 Oct 2019 09:54:32 +0000 (+0100)
Subject: ASoC: compress: fix unsigned integer overflow check
X-Git-Tag: v4.9.206~125
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=14b702a33de5765654c0d3b15f4a17a965cadf91;p=platform%2Fkernel%2Flinux-amlogic.git

ASoC: compress: fix unsigned integer overflow check

[ Upstream commit d3645b055399538415586ebaacaedebc1e5899b0 ]

Parameter fragments and fragment_size are type of u32. U32_MAX is
the correct check.

Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Acked-by: Vinod Koul <vkoul@kernel.org>
Link: https://lore.kernel.org/r/20191021095432.5639-1-srinivas.kandagatla@linaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c
index 2e2d184..7ae8e24 100644
--- a/sound/core/compress_offload.c
+++ b/sound/core/compress_offload.c
@@ -529,7 +529,7 @@ static int snd_compress_check_input(struct snd_compr_params *params)
 {
 	/* first let's check the buffer parameter's */
 	if (params->buffer.fragment_size == 0 ||
-	    params->buffer.fragments > INT_MAX / params->buffer.fragment_size ||
+	    params->buffer.fragments > U32_MAX / params->buffer.fragment_size ||
 	    params->buffer.fragments == 0)
 		return -EINVAL;