linux/sound
Hui Peng daac07156b ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
The `uac_mixer_unit_descriptor` shown as below is read from the
device side. In `parse_audio_mixer_unit`, `baSourceID` field is
accessed from index 0 to `bNrInPins` - 1, the current implementation
assumes that descriptor is always valid (the length  of descriptor
is no shorter than 5 + `bNrInPins`). If a descriptor read from
the device side is invalid, it may trigger out-of-bound memory
access.

```
struct uac_mixer_unit_descriptor {
	__u8 bLength;
	__u8 bDescriptorType;
	__u8 bDescriptorSubtype;
	__u8 bUnitID;
	__u8 bNrInPins;
	__u8 baSourceID[];
}
```

This patch fixes the bug by add a sanity check on the length of
the descriptor.

Reported-by: Hui Peng <benquike@gmail.com>
Reported-by: Mathias Payer <mathias.payer@nebelwelt.net>
Cc: <stable@vger.kernel.org>
Signed-off-by: Hui Peng <benquike@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2019-08-14 20:05:56 +02:00
..
ac97 ALSA: ac97: Fix double free of ac97_codec_device 2019-07-23 14:16:11 +02:00
aoa treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 250 2019-06-19 17:09:08 +02:00
arm treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
atmel treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
core ALSA: pcm: fix lost wakeup event scenarios in snd_pcm_drain 2019-07-29 19:05:42 +02:00
drivers treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
firewire ALSA: firewire: fix a memory leak bug 2019-08-08 11:12:26 +02:00
hda ALSA: hda: Fix 1-minute detection delay when i915 module is not available 2019-07-27 08:31:46 +02:00
i2c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
isa treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 371 2019-06-05 17:37:10 +02:00
mips treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 176 2019-05-30 11:29:19 -07:00
oss treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
parisc treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 176 2019-05-30 11:29:19 -07:00
pci ALSA: hda - Add a generic reboot_notify 2019-08-14 08:38:23 +02:00
pcmcia treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
ppc ALSA: ps3: Remove Unneeded variable: "ret" 2019-07-10 11:53:31 +02:00
sh treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 273 2019-06-05 17:30:30 +02:00
soc ASoC: Fixes for v5.3 2019-08-06 12:28:28 +02:00
sparc treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
spi treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
synth treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
usb ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit 2019-08-14 20:05:56 +02:00
x86 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 285 2019-06-05 17:36:37 +02:00
xen ASoC: Updates for v5.3 2019-07-08 14:45:34 +02:00
ac97_bus.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
last.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
Makefile
sound_core.c sound: fix a memory leak bug 2019-08-08 08:18:32 +02:00