From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Takashi Iwai
Subject: [PATCH 5.4 23/57] ALSA: pcm: oss: Place the plugin buffer overflow checks correctly
Date: Mon, 4 May 2020 19:57:27 +0200
Message-Id: <20200504165458.372036648@linuxfoundation.org>

From: Takashi Iwai

commit 4285de0725b1bf73608abbcd35ad7fd3ddc0b61e upstream.

The checks of the plugin buffer overflow in the previous fix by commit
f2ecf903ef06 ("ALSA: pcm: oss: Avoid plugin buffer overflow") are put
in the wrong places mistakenly, which leads to the expected (repeated)
sound when the rate plugin is involved. Fix in the right places.

Also, at those right places, the zero check is needed for the
termination node, so added there as well, and let's get it done,
finally.

Fixes: f2ecf903ef06 ("ALSA: pcm: oss: Avoid plugin buffer overflow")
Cc:
Link: https://lore.kernel.org/r/20200424193350.19678-1-tiwai@suse.de
Signed-off-by: Takashi Iwai
Signed-off-by: Greg Kroah-Hartman
---
 sound/core/oss/pcm_plugin.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

--- a/sound/core/oss/pcm_plugin.c
+++ b/sound/core/oss/pcm_plugin.c
@@ -211,21 +211,23 @@ static snd_pcm_sframes_t plug_client_siz if (stream == SNDRV_PCM_STREAM_PLAYBACK) { plugin = snd_pcm_plug_last(plug); while (plugin && drv_frames > 0) { - if (check_size && drv_frames > plugin->buf_frames) - drv_frames = plugin->buf_frames; plugin_prev = plugin->prev; if (plugin->src_frames) drv_frames = plugin->src_frames(plugin, drv_frames); + if (check_size && plugin->buf_frames && + drv_frames > plugin->buf_frames) + drv_frames = plugin->buf_frames; plugin = plugin_prev; } } else if (stream == SNDRV_PCM_STREAM_CAPTURE) { plugin = snd_pcm_plug_first(plug); while (plugin && drv_frames > 0) { plugin_next = plugin->next; + if (check_size && plugin->buf_frames && + drv_frames > plugin->buf_frames) + drv_frames = plugin->buf_frames; if (plugin->dst_frames) drv_frames = plugin->dst_frames(plugin, drv_frames); - if (check_size && drv_frames > plugin->buf_frames) - drv_frames = plugin->buf_frames; plugin = plugin_next; } } else @@ -251,26 +253,28 @@ static snd_pcm_sframes_t plug_slave_size plugin = snd_pcm_plug_first(plug); while (plugin && frames > 0) { plugin_next = plugin->next; + if (check_size && plugin->buf_frames && + frames > plugin->buf_frames) + frames = plugin->buf_frames; if (plugin->dst_frames) { frames = plugin->dst_frames(plugin, frames); if (frames < 0) return frames; } - if (check_size && frames > plugin->buf_frames) - frames = plugin->buf_frames; plugin = plugin_next; } } else if (stream == SNDRV_PCM_STREAM_CAPTURE) { plugin = snd_pcm_plug_last(plug); while (plugin) { - if (check_size && frames > plugin->buf_frames) - frames = plugin->buf_frames; plugin_prev = plugin->prev; if (plugin->src_frames) { frames = plugin->src_frames(plugin, frames); if (frames < 0) return frames; } + if (check_size && plugin->buf_frames && + frames > plugin->buf_frames) + frames = plugin->buf_frames; plugin = plugin_prev; } } else
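Review bot: in the playback loop of the first hunk (plug_client_size), the clamp now runs directly on the return value of `plugin->src_frames(plugin, drv_frames)` with no error check in between, whereas plug_slave_size tests `if (frames < 0) return frames;` before its clamp. If src_frames() can return a negative error here, the comparison against `plugin->buf_frames` should not see it; either add the same check or note why the `drv_frames > 0` loop condition is sufficient. A short comment on the `plugin->buf_frames &&` zero test would also help, since its reason (the termination node) is given only in the commit message.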
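Review bot: in the second hunk (plug_slave_size), the three-line clamp `if (check_size && plugin->buf_frames && frames > plugin->buf_frames) frames = plugin->buf_frames;` is written out again in both loops, making four copies across the patch that differ only in the variable name. Since the previous fix went wrong purely on where this test was placed, a small static helper taking the plugin, the frame count and check_size would keep the zero test in one place and leave only the call position to review: before dst_frames() in the playback loop, after the `frames < 0` return in the capture loop.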