On Wed, May 20, 2020 at 12:05:48AM +0530, P J P wrote: > +-- On Fri, 15 May 2020, P J P wrote --+ > | From: Prasad J Pandit <p...@fedoraproject.org> > | > | A guest user may set channel frame count via es1370_write() > | such that, in es1370_transfer_audio(), total frame count > | 'size' is lesser than the number of frames that are processed > | 'cnt'. > | > | int cnt = d->frame_cnt >> 16; > | int size = d->frame_cnt & 0xffff; > | > | if (size < cnt), it results in incorrect calculations leading > | to OOB access issue(s). Add check to avoid it. > | > > Ping...!
Added to audio patch queue. (there isn't much activity in audio, thats why the mail was sitting in my mailbox waiting for me process it ...) thanks, Gerd
