ALSA: pcm: oss: Fix a few more UBSAN fixes

There are a few places that call round{up|down}_pow_of_two() with the
value zero, and this causes undefined behavior warnings.  Avoid
calling those macros if such a nonsense value is passed; it's a minor
optimization as well, as we handle it as either an error or a value to
be skipped, instead.

Reported-by: syzbot+33ef0b6639a8d2d42b4c@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20201218161730.26596-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>

diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c
index de19174..142fc75 100644 (file)
--- a/sound/core/oss/pcm_oss.c
+++ b/sound/core/oss/pcm_oss.c
@@ -693,6 +693,8 @@ static int snd_pcm_oss_period_size(struct snd_pcm_substream *substream,
 
        oss_buffer_size = snd_pcm_plug_client_size(substream,
                                                   snd_pcm_hw_param_value_max(slave_params, SNDRV_PCM_HW_PARAM_BUFFER_SIZE, NULL)) * oss_frame_size;
 
        oss_buffer_size = snd_pcm_plug_client_size(substream,
                                                   snd_pcm_hw_param_value_max(slave_params, SNDRV_PCM_HW_PARAM_BUFFER_SIZE, NULL)) * oss_frame_size;

+       if (!oss_buffer_size)
+               return -EINVAL;

        oss_buffer_size = rounddown_pow_of_two(oss_buffer_size);
        if (atomic_read(&substream->mmap_count)) {
                if (oss_buffer_size > runtime->oss.mmap_bytes)
        oss_buffer_size = rounddown_pow_of_two(oss_buffer_size);
        if (atomic_read(&substream->mmap_count)) {
                if (oss_buffer_size > runtime->oss.mmap_bytes)


@@ -728,17 +730,21 @@ static int snd_pcm_oss_period_size(struct snd_pcm_substream *substream,
 
        min_period_size = snd_pcm_plug_client_size(substream,
                                                   snd_pcm_hw_param_value_min(slave_params, SNDRV_PCM_HW_PARAM_PERIOD_SIZE, NULL));
 
        min_period_size = snd_pcm_plug_client_size(substream,
                                                   snd_pcm_hw_param_value_min(slave_params, SNDRV_PCM_HW_PARAM_PERIOD_SIZE, NULL));

-       min_period_size *= oss_frame_size;
-       min_period_size = roundup_pow_of_two(min_period_size);
-       if (oss_period_size < min_period_size)
-               oss_period_size = min_period_size;
+       if (min_period_size) {
+               min_period_size *= oss_frame_size;
+               min_period_size = roundup_pow_of_two(min_period_size);
+               if (oss_period_size < min_period_size)
+                       oss_period_size = min_period_size;
+       }

 
        max_period_size = snd_pcm_plug_client_size(substream,
                                                   snd_pcm_hw_param_value_max(slave_params, SNDRV_PCM_HW_PARAM_PERIOD_SIZE, NULL));
 
        max_period_size = snd_pcm_plug_client_size(substream,
                                                   snd_pcm_hw_param_value_max(slave_params, SNDRV_PCM_HW_PARAM_PERIOD_SIZE, NULL));

-       max_period_size *= oss_frame_size;
-       max_period_size = rounddown_pow_of_two(max_period_size);
-       if (oss_period_size > max_period_size)
-               oss_period_size = max_period_size;
+       if (max_period_size) {
+               max_period_size *= oss_frame_size;
+               max_period_size = rounddown_pow_of_two(max_period_size);
+               if (oss_period_size > max_period_size)
+                       oss_period_size = max_period_size;
+       }

 
        oss_periods = oss_buffer_size / oss_period_size;
 
 
        oss_periods = oss_buffer_size / oss_period_size;