ALSA: dice: fix buffer overflow in detect_stream_formats() - kernel

diff options

author	Junrui Luo <moonafterrain@outlook.com>	2025-11-28 12:06:31 +0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2025-12-18 14:00:16 +0100
commit	932aa1e80b022419cf9710e970739b7a8794f27c (patch)
tree	9dfefba94bba23ce4d492b42fe150189d1f041fc /lib/bootconfig-data.S
parent	dd2807a22a2330dbe2f0588e578ff5ec05185920 (diff)

ALSA: dice: fix buffer overflow in detect_stream_formats()

commit 324f3e03e8a85931ce0880654e3c3eb38b0f0bba upstream. The function detect_stream_formats() reads the stream_count value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious device provides a stream_count value greater than MAX_STREAMS. Fix by applying the same validation to both TX and RX stream counts in detect_stream_formats(). Reported-by: Yuhao Jiang <danisjiang@gmail.com> Reported-by: Junrui Luo <moonafterrain@outlook.com> Fixes: 58579c056c1c ("ALSA: dice: use extended protocol to detect available stream formats") Cc: stable@vger.kernel.org Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: Junrui Luo <moonafterrain@outlook.com> Link: https://patch.msgid.link/SYBPR01MB7881B043FC68B4C0DA40B73DAFDCA@SYBPR01MB7881.ausprd01.prod.outlook.com Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'lib/bootconfig-data.S')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: