From 0da00be7e64a19656af4d4abfe65aac0c5ee4c2e Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 14 Jun 2020 10:39:26 +0200
Subject: [PATCH] ALSA: pcm: oss: Place the plugin buffer overflow checks
 correctly

Closes: #960493
---
 debian/changelog                              |  2 +
 ...ce-the-plugin-buffer-overflow-checks.patch | 92 +++++++++++++++++++
 debian/patches/series                         |  1 +
 3 files changed, 95 insertions(+)
 create mode 100644 debian/patches/bugfix/all/ALSA-pcm-oss-Place-the-plugin-buffer-overflow-checks.patch

diff --git a/debian/changelog b/debian/changelog
index c9a2c058e..f5c14a548 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ linux (4.19.118-3) UNRELEASED; urgency=medium
 
   * include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for
     swap (Closes: #960271)
+  * ALSA: pcm: oss: Place the plugin buffer overflow checks correctly
+    (Closes: #960493)
 
  -- Salvatore Bonaccorso <carnil@debian.org>  Wed, 13 May 2020 17:44:43 +0200
 
diff --git a/debian/patches/bugfix/all/ALSA-pcm-oss-Place-the-plugin-buffer-overflow-checks.patch b/debian/patches/bugfix/all/ALSA-pcm-oss-Place-the-plugin-buffer-overflow-checks.patch
new file mode 100644
index 000000000..bb669a314
--- /dev/null
+++ b/debian/patches/bugfix/all/ALSA-pcm-oss-Place-the-plugin-buffer-overflow-checks.patch
@@ -0,0 +1,92 @@
+From: Takashi Iwai <tiwai@suse.de>
+Date: Fri, 24 Apr 2020 21:33:50 +0200
+Subject: ALSA: pcm: oss: Place the plugin buffer overflow checks correctly
+Origin: https://git.kernel.org/linus/4285de0725b1bf73608abbcd35ad7fd3ddc0b61e
+Bug-Debian: https://bugs.debian.org/960493
+
+The checks of the plugin buffer overflow in the previous fix by commit
+  f2ecf903ef06 ("ALSA: pcm: oss: Avoid plugin buffer overflow")
+are put in the wrong places mistakenly, which leads to the expected
+(repeated) sound when the rate plugin is involved.  Fix in the right
+places.
+
+Also, at those right places, the zero check is needed for the
+termination node, so added there as well, and let's get it done,
+finally.
+
+Fixes: f2ecf903ef06 ("ALSA: pcm: oss: Avoid plugin buffer overflow")
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20200424193350.19678-1-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+---
+ sound/core/oss/pcm_plugin.c | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/sound/core/oss/pcm_plugin.c b/sound/core/oss/pcm_plugin.c
+index 50c35ecc8953..d1760f86773c 100644
+--- a/sound/core/oss/pcm_plugin.c
++++ b/sound/core/oss/pcm_plugin.c
+@@ -211,21 +211,23 @@ static snd_pcm_sframes_t plug_client_size(struct snd_pcm_substream *plug,
+ 	if (stream == SNDRV_PCM_STREAM_PLAYBACK) {
+ 		plugin = snd_pcm_plug_last(plug);
+ 		while (plugin && drv_frames > 0) {
+-			if (check_size && drv_frames > plugin->buf_frames)
+-				drv_frames = plugin->buf_frames;
+ 			plugin_prev = plugin->prev;
+ 			if (plugin->src_frames)
+ 				drv_frames = plugin->src_frames(plugin, drv_frames);
++			if (check_size && plugin->buf_frames &&
++			    drv_frames > plugin->buf_frames)
++				drv_frames = plugin->buf_frames;
+ 			plugin = plugin_prev;
+ 		}
+ 	} else if (stream == SNDRV_PCM_STREAM_CAPTURE) {
+ 		plugin = snd_pcm_plug_first(plug);
+ 		while (plugin && drv_frames > 0) {
+ 			plugin_next = plugin->next;
++			if (check_size && plugin->buf_frames &&
++			    drv_frames > plugin->buf_frames)
++				drv_frames = plugin->buf_frames;
+ 			if (plugin->dst_frames)
+ 				drv_frames = plugin->dst_frames(plugin, drv_frames);
+-			if (check_size && drv_frames > plugin->buf_frames)
+-				drv_frames = plugin->buf_frames;
+ 			plugin = plugin_next;
+ 		}
+ 	} else
+@@ -251,26 +253,28 @@ static snd_pcm_sframes_t plug_slave_size(struct snd_pcm_substream *plug,
+ 		plugin = snd_pcm_plug_first(plug);
+ 		while (plugin && frames > 0) {
+ 			plugin_next = plugin->next;
++			if (check_size && plugin->buf_frames &&
++			    frames > plugin->buf_frames)
++				frames = plugin->buf_frames;
+ 			if (plugin->dst_frames) {
+ 				frames = plugin->dst_frames(plugin, frames);
+ 				if (frames < 0)
+ 					return frames;
+ 			}
+-			if (check_size && frames > plugin->buf_frames)
+-				frames = plugin->buf_frames;
+ 			plugin = plugin_next;
+ 		}
+ 	} else if (stream == SNDRV_PCM_STREAM_CAPTURE) {
+ 		plugin = snd_pcm_plug_last(plug);
+ 		while (plugin) {
+-			if (check_size && frames > plugin->buf_frames)
+-				frames = plugin->buf_frames;
+ 			plugin_prev = plugin->prev;
+ 			if (plugin->src_frames) {
+ 				frames = plugin->src_frames(plugin, frames);
+ 				if (frames < 0)
+ 					return frames;
+ 			}
++			if (check_size && plugin->buf_frames &&
++			    frames > plugin->buf_frames)
++				frames = plugin->buf_frames;
+ 			plugin = plugin_prev;
+ 		}
+ 	} else
+-- 
+2.27.0
+
diff --git a/debian/patches/series b/debian/patches/series
index 945f03de7..ffbc139b8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -101,6 +101,7 @@ debian/revert-objtool-fix-config_stack_validation-y-warning.patch
 bugfix/all/mt76-use-the-correct-hweight8-function.patch
 bugfix/all/rtc-s35390a-set-uie_unsupported.patch
 bugfix/all/include-uapi-linux-swab.h-fix-userspace-breakage-use.patch
+bugfix/all/ALSA-pcm-oss-Place-the-plugin-buffer-overflow-checks.patch
 
 # Miscellaneous features