ALSA: dice: fix buffer overflow in detect_stream_formats() - kernel

diff options

author	Junrui Luo <moonafterrain@outlook.com>	2025-11-28 12:06:31 +0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2025-12-18 13:55:23 +0100
commit	c0a1fe1902ad23e6d48e0f68be1258ccf7a163e6 (patch)
tree	320177d5e1a566dd32dd8e9e47fbaa4f41adc049 /include/net/aligned_data.h
parent	8404a1b1f5f167151b6e83cff2a010d61c2425d7 (diff)

ALSA: dice: fix buffer overflow in detect_stream_formats()

commit 324f3e03e8a85931ce0880654e3c3eb38b0f0bba upstream. The function detect_stream_formats() reads the stream_count value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious device provides a stream_count value greater than MAX_STREAMS. Fix by applying the same validation to both TX and RX stream counts in detect_stream_formats(). Reported-by: Yuhao Jiang <danisjiang@gmail.com> Reported-by: Junrui Luo <moonafterrain@outlook.com> Fixes: 58579c056c1c ("ALSA: dice: use extended protocol to detect available stream formats") Cc: stable@vger.kernel.org Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: Junrui Luo <moonafterrain@outlook.com> Link: https://patch.msgid.link/SYBPR01MB7881B043FC68B4C0DA40B73DAFDCA@SYBPR01MB7881.ausprd01.prod.outlook.com Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'include/net/aligned_data.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: