From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F296D2BDC00 for ; Tue, 16 Dec 2025 10:32:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765881150; cv=none; b=LH/H7SnLnYZSuMBbgVUzEFYLQSn0+ujnuVie+YYY2CjU4KoHnFqsBr5mTstvgEIyILl3QNveBa5VI0wQhI0ypIhlL+bm741ajm8qe7GAN8nJpvYY8OHdblYi1IBq0/GV29u+kFYU9ymRPiNFabTpMGpTwyAMv+FaRw6uIBwPtg8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765881150; c=relaxed/simple; bh=F9bQ/UvrsIyuRktgqiX0GIGW+ZipeRxgKTt8GG3VcmU=; h=Subject:To:Cc:From:Date:Message-ID:MIME-Version:Content-Type; b=EC+Q4erHnJQi1xkvR/6k1JtyiHoJ9vrPFJl+6+zXNOtMRHEwI2+9OQpTde9wryAHINSP1h8NQI6VhwsjdCbKIZznE67cyYWkhjN+ccu3EzAdf5jjolZmFy2/SG2BFm9wbWO8fByKh2vo4K0EyGhrwpLGeD9iRvKNV1PGT19zgDQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=gHUgB7ag; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="gHUgB7ag" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 596FAC4CEF1; Tue, 16 Dec 2025 10:32:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1765881149; bh=F9bQ/UvrsIyuRktgqiX0GIGW+ZipeRxgKTt8GG3VcmU=; h=Subject:To:Cc:From:Date:From; b=gHUgB7agKWrdyX99emO0nlL9kfd5orghgaTr3q2MtnWirQLiUg2Y+bQMUta8HGANu +9E8ugsY9QwN+HxZvc0nBY3/5g5XPyU41sEPHo/+320JhvOWcHOc8GFzQmW1exOSay LWIZn9CgH1vr217ez4ssAvjgDh3H9NsGHejjAYvA= Subject: FAILED: patch "[PATCH] ALSA: wavefront: Fix integer overflow in sample size" failed to apply to 6.6-stable tree To: moonafterrain@outlook.com,tiwai@suse.de Cc: From: Date: Tue, 16 Dec 2025 11:32:15 +0100 Message-ID: <2025121615-subplot-parachute-73bb@gregkh> Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to . To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 0c4a13ba88594fd4a27292853e736c6b4349823d # git commit -s git send-email --to '' --in-reply-to '2025121615-subplot-parachute-73bb@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0c4a13ba88594fd4a27292853e736c6b4349823d Mon Sep 17 00:00:00 2001 From: Junrui Luo Date: Thu, 6 Nov 2025 10:49:46 +0800 Subject: [PATCH] ALSA: wavefront: Fix integer overflow in sample size validation The wavefront_send_sample() function has an integer overflow issue when validating sample size. The header->size field is u32 but gets cast to int for comparison with dev->freemem Fix by using unsigned comparison to avoid integer overflow. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org Signed-off-by: Junrui Luo Link: https://patch.msgid.link/SYBPR01MB7881B47789D1B060CE8BF4C3AFC2A@SYBPR01MB7881.ausprd01.prod.outlook.com Signed-off-by: Takashi Iwai diff --git a/sound/isa/wavefront/wavefront_synth.c b/sound/isa/wavefront/wavefront_synth.c index cd5c177943aa..0d78533e1cfd 100644 --- a/sound/isa/wavefront/wavefront_synth.c +++ b/sound/isa/wavefront/wavefront_synth.c @@ -950,9 +950,9 @@ wavefront_send_sample (snd_wavefront_t *dev, if (header->size) { dev->freemem = wavefront_freemem (dev); - if (dev->freemem < (int)header->size) { + if (dev->freemem < 0 || dev->freemem < header->size) { dev_err(dev->card->dev, - "insufficient memory to load %d byte sample.\n", + "insufficient memory to load %u byte sample.\n", header->size); return -ENOMEM; }