Date: Tue, 28 Jun 2016 12:54:10 +0200
From: Marcus Meissner <>
To: OSS Security List <>,
	Takashi Iwai <>,
Subject: CVE Request: integer overflow in ALSA snd_compress_check_input


Someone seems to have assigned CVE-2014-9904 to commit 

commit 6217e5ede23285ddfee10d2e4ba0cc2d4c046205
Author: Dan Carpenter <>
Date:   Wed Jul 16 09:37:04 2014 +0300

    ALSA: compress: fix an integer overflow check
    I previously added an integer overflow check here but looking at it now,
    it's still buggy.
    The bug happens in snd_compr_allocate_buffer().  We multiply
    ".fragments" and ".fragment_size" and that doesn't overflow but then we
    save it in an unsigned int so it truncates the high bits away and we
    allocate a smaller than expected size.
    Fixes: b35cc8225845 ('ALSA: compress_core: integer overflow in snd_compr_allocate_buffer()')
    Signed-off-by: Dan Carpenter <>
    Signed-off-by: Takashi Iwai <>

but there was no 2012 CVE assignment to the original fixing commit b35cc8225845 as far as I see:

commit b35cc8225845112a616e3a2266d2fde5ab13d3ab
Author: Dan Carpenter <>
Date:   Wed Sep 5 15:32:18 2012 +0300

    ALSA: compress_core: integer overflow in snd_compr_allocate_buffer()
    These are 32 bit values that come from the user, we need to check for
    integer overflows or we could end up allocating a smaller buffer than
    Signed-off-by: Dan Carpenter <>
    Signed-off-by: Takashi Iwai <>

Is there a 2012 CVE for it?

Ciao, Marcus
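
The truncation described in the quoted 2014 commit message, as an added example that is not part of the original post or the kernel source. The struct, function names and sample values are constructed for illustration; `uint64_t` models a 64-bit `size_t` and `uint32_t` models the `unsigned int` the product is saved in.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the two 32-bit values that come from the user. */
struct buf_params {
    uint32_t fragment_size;
    uint32_t fragments;
};

/* Check against a 64-bit limit (models a 64-bit size_t bound). The product of
 * two 32-bit values always fits in 64 bits, so only a zero size is rejected. */
static int check_wide(const struct buf_params *p)
{
    if (p->fragment_size == 0 ||
        p->fragments > UINT64_MAX / p->fragment_size)
        return -1;
    return 0;
}

/* Check against the limit of the type the product is stored in
 * (uint32_t models unsigned int here; the bound is this example's choice). */
static int check_narrow(const struct buf_params *p)
{
    if (p->fragment_size == 0 ||
        p->fragments > UINT32_MAX / p->fragment_size)
        return -1;
    return 0;
}

/* Size the caller asked for, computed without loss. */
static uint64_t intended_size(const struct buf_params *p)
{
    return (uint64_t)p->fragment_size * p->fragments;
}

/* Size after the product is saved in a 32-bit variable: high bits are lost. */
static uint32_t stored_size(const struct buf_params *p)
{
    return (uint32_t)intended_size(p);
}

int main(void)
{
    struct buf_params p = { 0x10000u, 0x10001u };   /* constructed values */
    printf("wide=%d narrow=%d intended=%llu stored=%u\n",
           check_wide(&p), check_narrow(&p),
           (unsigned long long)intended_size(&p), (unsigned)stored_size(&p));
    return 0;
}
```

With the constructed values, the wide check accepts a request whose stored size is far smaller than the intended one, while the check bounded by the storage type rejects it.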
