ALSA: dice: fix buffer overflow in detect_stream_formats() - kernel

diff options

author	Junrui Luo <moonafterrain@outlook.com>	2025-11-28 12:06:31 +0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2025-12-18 14:03:42 +0100
commit	1e1b3207a53e50d5a66289fffc1f7d52cd9c50f9 (patch)
tree	b7e7aa8db3f4b73875a2e710aa2ece042d0aa127 /include/net/aligned_data.h
parent	d6d0caff738fafc20eb242433685b398f9158314 (diff)

ALSA: dice: fix buffer overflow in detect_stream_formats()

commit 324f3e03e8a85931ce0880654e3c3eb38b0f0bba upstream. The function detect_stream_formats() reads the stream_count value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious device provides a stream_count value greater than MAX_STREAMS. Fix by applying the same validation to both TX and RX stream counts in detect_stream_formats(). Reported-by: Yuhao Jiang <danisjiang@gmail.com> Reported-by: Junrui Luo <moonafterrain@outlook.com> Fixes: 58579c056c1c ("ALSA: dice: use extended protocol to detect available stream formats") Cc: stable@vger.kernel.org Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: Junrui Luo <moonafterrain@outlook.com> Link: https://patch.msgid.link/SYBPR01MB7881B043FC68B4C0DA40B73DAFDCA@SYBPR01MB7881.ausprd01.prod.outlook.com Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'include/net/aligned_data.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: