rjmcmahon
/
umber-kernel
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
umber-kernel/sound/firewire
History
Junrui Luo 1e1b3207a5 ALSA: dice: fix buffer overflow in detect_stream_formats() 
commit 324f3e03e8a85931ce0880654e3c3eb38b0f0bba upstream.

The function detect_stream_formats() reads the stream_count value directly
from a FireWire device without validating it. This can lead to
out-of-bounds writes when a malicious device provides a stream_count value
greater than MAX_STREAMS.

Fix by applying the same validation to both TX and RX stream counts in
detect_stream_formats().

Reported-by: Yuhao Jiang <danisjiang@gmail.com>
Reported-by: Junrui Luo <moonafterrain@outlook.com>
Fixes: 58579c056c ("ALSA: dice: use extended protocol to detect available stream formats")
Cc: stable@vger.kernel.org
Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Junrui Luo <moonafterrain@outlook.com>
Link: https://patch.msgid.link/SYBPR01MB7881B043FC68B4C0DA40B73DAFDCA@SYBPR01MB7881.ausprd01.prod.outlook.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2025-12-18 14:03:42 +01:00
..
bebob ALSA: firewire: bebob: Use guard() for spin locks 2025-08-30 10:02:21 +02:00
dice ALSA: dice: fix buffer overflow in detect_stream_formats() 2025-12-18 14:03:42 +01:00
digi00x ALSA: firewire: digi00x: Use guard() for spin locks 2025-08-30 10:02:21 +02:00
fireface ALSA: firewire: fireface: Use guard() for spin locks 2025-08-30 10:02:21 +02:00
fireworks ALSA: firewire: fireworks: Use guard() for spin locks 2025-08-30 10:02:22 +02:00
motu ALSA: firewire-motu: add bounds check in put_user loop for DSP events 2025-12-18 14:03:39 +01:00
oxfw ALSA: firewire: oxfw: Use guard() for spin locks 2025-08-30 10:02:27 +02:00
tascam ALSA: firewire: tascam: Use guard() for spin locks 2025-08-30 10:02:27 +02:00
Kconfig
Makefile
amdtp-am824.c
amdtp-am824.h
amdtp-stream-trace.h
amdtp-stream.c ALSA: firewire: lib: Use guard() for mutex locks 2025-08-30 10:02:21 +02:00
amdtp-stream.h ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings 2025-10-14 15:12:52 +02:00
cmp.c ALSA: firewire: lib: Use guard() for mutex locks 2025-08-30 10:02:21 +02:00
cmp.h
fcp.c ALSA: firewire: lib: Use guard() for spin locks 2025-08-30 10:02:27 +02:00
fcp.h
isight.c ALSA: firewire: isight: Use guard() for mutex locks 2025-08-30 10:02:21 +02:00
iso-resources.c ALSA: firewire: lib: Use guard() for spin locks 2025-08-30 10:02:27 +02:00
iso-resources.h
lib.c
lib.h
packets-buffer.c
packets-buffer.h