--- /dev/null
+From f3eef46f0518a2b32ca1244015820c35a22cfe4a Mon Sep 17 00:00:00 2001
+From: Zubin Mithra <zsm@chromium.org>
+Date: Fri, 27 Aug 2021 08:37:35 -0700
+Subject: ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
+
+From: Zubin Mithra <zsm@chromium.org>
+
+commit f3eef46f0518a2b32ca1244015820c35a22cfe4a upstream.
+
+Syzkaller reported a divide error in snd_pcm_lib_ioctl. fifo_size
+is of type snd_pcm_uframes_t(unsigned long). If frame_size
+is 0x100000000, the error occurs.
+
+Fixes: a9960e6a293e ("ALSA: pcm: fix fifo_size frame calculation")
+Signed-off-by: Zubin Mithra <zsm@chromium.org>
+Reviewed-by: Guenter Roeck <groeck@chromium.org>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20210827153735.789452-1-zsm@chromium.org
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/core/pcm_lib.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/core/pcm_lib.c
++++ b/sound/core/pcm_lib.c
+@@ -1757,7 +1757,7 @@ static int snd_pcm_lib_ioctl_fifo_size(s
+ channels = params_channels(params);
+ frame_size = snd_pcm_format_size(format, channels);
+ if (frame_size > 0)
+- params->fifo_size /= (unsigned)frame_size;
++ params->fifo_size /= frame_size;
+ }
+ return 0;
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
