[PATCH] usbredirhost: prevent overflow in usbredirhost_set_iso_threshold
Anastasia Belova
abelova at astralinux.ru
Mon Jul 1 11:11:54 UTC 2024
pkts_per_transfer < MAX_PACKETS_PER_TRANSFER = 32.
transfer_count < MAX_TRANSFER_COUNT = 16.
max_packetsize = maxp * mult. mult <= 3.
maxp <= 0x7ff. If all variables have their max value,
the result will be bigger that uint16_t.
Add an explicit cast.
Signed-off-by: Anastasia Belova <abelova at astralinux.ru>
---
usbredirhost/usbredirhost.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usbredirhost/usbredirhost.c b/usbredirhost/usbredirhost.c
index 03c56e9..ca19473 100644
--- a/usbredirhost/usbredirhost.c
+++ b/usbredirhost/usbredirhost.c
@@ -1193,7 +1193,7 @@ static void usbredirhost_stop_stream(struct usbredirhost *host,
static void usbredirhost_set_iso_threshold(struct usbredirhost *host,
uint8_t pkts_per_transfer, uint8_t transfer_count, uint16_t max_packetsize)
{
- uint64_t reference = pkts_per_transfer * transfer_count * max_packetsize;
+ uint64_t reference = (uint64_t)pkts_per_transfer * transfer_count * max_packetsize;
host->iso_threshold.lower = reference / 2;
host->iso_threshold.higher = reference * 3;
DEBUG("higher threshold is %" PRIu64 " bytes | lower threshold is %" PRIu64 " bytes",
--
2.30.2
More information about the Spice-devel
mailing list