git.fsl.cs.sunysb.edu Git - wrapfs-4.14.y.git/commit

author	Takashi Iwai <tiwai@suse.de>
	Tue, 7 Nov 2017 15:05:24 +0000 (16:05 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 15 Nov 2017 16:13:12 +0000 (17:13 +0100)
commit	adc4bacd51647370d37d15f7ff167c8afa12c949
tree	0908f0a8427ff2a797cb1ed98118f81bfe070508	tree \| snapshot
parent	4d5b67a54e6d5c0bb8b6638630f2a5af671798aa	commit \| diff

ALSA: seq: Fix OSS sysex delivery in OSS emulation

commit 132d358b183ac6ad8b3fea32ad5e0663456d18d1 upstream.

The SYSEX event delivery in OSS sequencer emulation assumed that the
event is encoded in the variable-length data with the straight
buffering. This was the normal behavior in the past, but during the
development, the chained buffers were introduced for carrying more
data, while the OSS code was left intact. As a result, when a SYSEX
event with the chained buffer data is passed to OSS sequencer port,
it may end up with the wrong memory access, as if it were having a too
large buffer.

This patch addresses the bug, by applying the buffer data expansion by
the generic snd_seq_dump_var_event() helper function.

Reported-by: syzbot <syzkaller@googlegroups.com>
Reported-by: Mark Salyzyn <salyzyn@android.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

sound/core/seq/oss/seq_oss_midi.c		diff \| blob \| history
sound/core/seq/oss/seq_oss_readq.c		diff \| blob \| history
sound/core/seq/oss/seq_oss_readq.h		diff \| blob \| history