[alsa-devel] [stable] usb-audio validation fixes [3.0, 3.2]
It looks like these fixes are suitable for inclusion in the 3.0.y and 3.2.y stable branches:
commit 4fa0e81b83503900be277e6273a79651b375e288
Author: Xi Wang xi.wang@gmail.com
Date: Sun Jan 8 09:02:52 2012 -0500
ALSA: usb-audio: fix possible hang and overflow in parse_uac2_sample_rate_range()
commit 8866f405efd4171f9d9c91901d2dd02f01bacb60
Author: Xi Wang xi.wang@gmail.com
Date: Tue Feb 14 05:18:48 2012 -0500
ALSA: usb-audio: avoid integer overflow in create_fixed_stream_quirk()
Do you agree?
Ben.
At Tue, 28 May 2013 02:27:49 +0100, Ben Hutchings wrote:
> It looks like these fixes are suitable for inclusion in the 3.0.y and 3.2.y stable branches:
> commit 4fa0e81b83503900be277e6273a79651b375e288
> Author: Xi Wang xi.wang@gmail.com
> Date: Sun Jan 8 09:02:52 2012 -0500
> ALSA: usb-audio: fix possible hang and overflow in parse_uac2_sample_rate_range()
> commit 8866f405efd4171f9d9c91901d2dd02f01bacb60
> Author: Xi Wang xi.wang@gmail.com
> Date: Tue Feb 14 05:18:48 2012 -0500
> ALSA: usb-audio: avoid integer overflow in create_fixed_stream_quirk()
> Do you agree?
If it's applicable to old kernels, yes, it's worth it. I didn't mark it simply because the patch hasn't been tested with the actual hardware. But the change itself is simple, and should be safe to apply.
thanks,
Takashi
On Tue, 2013-05-28 at 08:28 +0200, Takashi Iwai wrote:
> At Tue, 28 May 2013 02:27:49 +0100, Ben Hutchings wrote:
> > It looks like these fixes are suitable for inclusion in the 3.0.y and 3.2.y stable branches:
> > commit 4fa0e81b83503900be277e6273a79651b375e288
> > Author: Xi Wang xi.wang@gmail.com
> > Date: Sun Jan 8 09:02:52 2012 -0500
> > ALSA: usb-audio: fix possible hang and overflow in parse_uac2_sample_rate_range()
> > commit 8866f405efd4171f9d9c91901d2dd02f01bacb60
> > Author: Xi Wang xi.wang@gmail.com
> > Date: Tue Feb 14 05:18:48 2012 -0500
> > ALSA: usb-audio: avoid integer overflow in create_fixed_stream_quirk()
> > Do you agree?
> If it's applicable to old kernels, yes, it's worth it. I didn't mark it simply because the patch hasn't been tested with the actual hardware.
So no-one's tried fuzz-testing? This is just based on code inspection or static analysis?
> But the change itself is simple, and should be safe to apply.
Right, I've queued these up for 3.2.
Ben.
At Thu, 13 Jun 2013 02:30:39 +0100, Ben Hutchings wrote:
> On Tue, 2013-05-28 at 08:28 +0200, Takashi Iwai wrote:
> > At Tue, 28 May 2013 02:27:49 +0100, Ben Hutchings wrote:
> > > It looks like these fixes are suitable for inclusion in the 3.0.y and 3.2.y stable branches:
> > > commit 4fa0e81b83503900be277e6273a79651b375e288
> > > Author: Xi Wang xi.wang@gmail.com
> > > Date: Sun Jan 8 09:02:52 2012 -0500
> > > ALSA: usb-audio: fix possible hang and overflow in parse_uac2_sample_rate_range()
> > > commit 8866f405efd4171f9d9c91901d2dd02f01bacb60
> > > Author: Xi Wang xi.wang@gmail.com
> > > Date: Tue Feb 14 05:18:48 2012 -0500
> > > ALSA: usb-audio: avoid integer overflow in create_fixed_stream_quirk()
> > > Do you agree?
> > If it's applicable to old kernels, yes, it's worth it. I didn't mark it simply because the patch hasn't been tested with the actual hardware.
> So no-one's tried fuzz-testing? This is just based on code inspection or static analysis?
The latter case. For testing this, you'll need the modified USB descriptor, thus some modified hardware, USB gadget or VM is required.
Takashi
> > But the change itself is simple, and should be safe to apply.
> Right, I've queued these up for 3.2.
> Ben.
> --
> Ben Hutchings
> friends: People who know you well, but like you anyway.
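
The hang-and-overflow bug class named in the first commit title, as an added example that is not the kernel's code, the queued patches, or anything posted in this thread: a userspace expansion of a device-supplied sample-rate range, exercised over constructed bytes rather than hardware. It assumes the UAC2 range layout (a 16-bit wNumSubRanges followed by 32-bit dMIN/dMAX/dRES triplets); MAX_RATES, the function names and the sample buffers are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_RATES 1024 /* hypothetical cap on expanded rates (assumption) */
/* Constructed descriptor bytes, not captured from any device. */
static const uint8_t sample_ok[] = { 1, 0, 0x40, 0x1f, 0, 0, 0x80, 0xbb, 0, 0, 0x40, 0x1f, 0, 0 };
static const uint8_t sample_zero_res[] = { 1, 0, 0x44, 0xac, 0, 0, 0x80, 0xbb, 0, 0, 0, 0, 0, 0 };
static const uint8_t sample_wrap[] = { 1, 0, 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x10, 0, 0, 0 };
static const uint8_t sample_bad_count[] = { 0xff, 0xff, 0x40, 0x1f, 0, 0, 0x80, 0xbb, 0, 0, 0x40, 0x1f, 0, 0 };

/* Read a little-endian 32-bit field from the buffer. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Expand wNumSubRanges + {dMIN, dMAX, dRES} triplets into out[0..cap).
 * Returns the number of rates written, or -1 for a malformed block. */
int expand_rate_ranges(const uint8_t *buf, size_t len, uint32_t *out, int cap)
{
    int n = 0;
    if (len < 2)
        return -1;
    size_t nranges = (size_t)buf[0] | (size_t)buf[1] << 8;
    if (nranges > (len - 2) / 12) /* count is device-controlled */
        return -1;
    for (size_t i = 0; i < nranges; i++) {
        const uint8_t *t = buf + 2 + 12 * i;
        uint32_t min = le32(t), max = le32(t + 4), res = le32(t + 8), rate;
        if (min > max)
            return -1;
        for (rate = min; n < cap; rate += res) {
            out[n++] = rate;
            /* res == 0 would hang; a step past max could wrap and loop on */
            if (res == 0 || res > max - rate)
                break;
        }
    }
    return n;
}

int main(void)
{
    uint32_t r[MAX_RATES];
    printf("%d rates\n", expand_rate_ranges(sample_ok, sizeof sample_ok, r, MAX_RATES));
    return 0;
}
```

A naive `for (rate = min; rate <= max; rate += res)` over the same constructed buffers never terminates on `sample_zero_res` and wraps past `UINT32_MAX` on `sample_wrap`.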