Revert "Fix CVE-2012-6703 (integer overflow in ALSA subsystem)"

buffer check was turned into a routine, taken care of by snd_compress_check_input https://github.com/Moyster/android_kernel_m2note/blob/ng-7.1.2/sound/core/compress_offload.c#L496 This reverts commit a1beff31cf3b220b7c983c1933ad5dbd438f89fc. Signed-off-by: Moyster <oysterized@gmail.com>
author: Moyster <oysterized@gmail.com> 2017-10-16 15:49:21 +0200
committer: Mister Oyster <oysterized@gmail.com> 2017-10-16 16:03:09 +0200
commit: fd8fa684ec7679cb640bac40460e3320a9b3adc8 (patch)
tree: a607eead0d0d7b72752278f89a6dcc5752142655 /sound
parent: 19cad8b371001e3157336b0a663b9442d9f05de7 (diff)
1 files changed, 0 insertions, 5 deletions
diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c
index ab2d0ee74..49a44d761 100644
--- a/sound/core/compress_offload.c
+++ b/sound/core/compress_offload.c
@@ -468,11 +468,6 @@ static int snd_compr_allocate_buffer(struct snd_compr_stream *stream,
 	unsigned int buffer_size;
 	void *buffer;
 
-	/* check for integer overflows */
-	if(params->buffer.fragment_size == 0 ||
-		params->buffer.fragments > SIZE_MAX / params->buffer.fragment_size)
-			return -EINVAL;
-
 	buffer_size = params->buffer.fragment_size * params->buffer.fragments;
 	if (stream->ops->copy) {
 		buffer = NULL;
author	Moyster <oysterized@gmail.com>	2017-10-16 15:49:21 +0200
committer	Mister Oyster <oysterized@gmail.com>	2017-10-16 16:03:09 +0200
commit	fd8fa684ec7679cb640bac40460e3320a9b3adc8 (patch)
tree	a607eead0d0d7b72752278f89a6dcc5752142655 /sound
parent	19cad8b371001e3157336b0a663b9442d9f05de7 (diff)