21 Nov
2017
21 Nov
'17
5:33 p.m.
Hi,
as recently spotted by syzkaller, the parser codes in USB audio driver don't check the length of the descriptor unit before actually accessing the extra field, which may lead to out-of-bound access error. This patchset tries to address these by adding proper sanity checks.
Takashi
===
Takashi Iwai (4): ALSA: usb-audio: Add sanity checks to FE parser ALSA: usb-audio: Fix potential out-of-bound access at parsing SU ALSA: usb-audio: Fix potential zero-division at parsing FU ALSA: usb-audio: Add sanity checks in v2 clock parsers
sound/usb/clock.c | 9 ++++++--- sound/usb/mixer.c | 19 ++++++++++++++++--- 2 files changed, 22 insertions(+), 6 deletions(-)
--
2.15.0