ALSA: core: Fix crash by avoiding appl_ptr crossing 32-bit boundary

Incase of A2DP usecase using proxy driver, appl_ptr has boundary value as 0x60000000 frames in sw_params for stereo(2 channels). When this value crosses 0x40000000, then userspace calculating appl_ptr at bytes results in crossing 32-bit value 0x100000000, and points to 0x0 offset which can result in crash or pop. To avoid above scenario, set the sw_params appl_ptr boundary value within 0x40000000. Added proper check at sw_params update to set this value correctly within 32-bit boundary(frames). CRs-Fixed: 483203 Change-Id: I537a04156699d90549a0a468ae19539ecd552d3b Signed-off-by: Laxminath Kasam <lkasam@codeaurora.org> Signed-off-by: Meng Wang <mwang@codeaurora.org>
12 years ago · 560a9699ff
parent 73654f5755
commit 560a9699ff
1 changed files with 2 additions and 1 deletions
--- a/sound/core/pcm_native.c
+++ b/sound/core/pcm_native.c
@ -716,7 +716,8 @@ static int snd_pcm_hw_params(struct snd_pcm_substream *substream,
 	runtime->silence_threshold = 0;
 	runtime->silence_size = 0;
 	runtime->boundary = runtime->buffer_size;
-	while (runtime->boundary * 2 <= LONG_MAX - runtime->buffer_size)
+	while (runtime->boundary * 2 * runtime->channels <=
+					LONG_MAX - runtime->buffer_size)
 		runtime->boundary *= 2;

 	snd_pcm_timer_resolution_change(substream);