[alsa-devel] [stable] usb-audio validation fixes [3.0, 3.2]
Takashi Iwai
tiwai at suse.de
Mon Jun 17 09:52:48 CEST 2013
At Thu, 13 Jun 2013 02:30:39 +0100,
Ben Hutchings wrote:
>
> On Tue, 2013-05-28 at 08:28 +0200, Takashi Iwai wrote:
> > At Tue, 28 May 2013 02:27:49 +0100,
> > Ben Hutchings wrote:
> > >
> > > It looks these fixes are suitable for inclusion in the 3.0.y and 3.2.y
> > > stable branches:
> > >
> > > commit 4fa0e81b83503900be277e6273a79651b375e288
> > > Author: Xi Wang <xi.wang at gmail.com>
> > > Date: Sun Jan 8 09:02:52 2012 -0500
> > >
> > > ALSA: usb-audio: fix possible hang and overflow in parse_uac2_sample_rate_range()
> > >
> > > commit 8866f405efd4171f9d9c91901d2dd02f01bacb60
> > > Author: Xi Wang <xi.wang at gmail.com>
> > > Date: Tue Feb 14 05:18:48 2012 -0500
> > >
> > > ALSA: usb-audio: avoid integer overflow in create_fixed_stream_quirk()
> > >
> > > Do you agree?
> >
> > If it's applicable to old kernels, yes, it's worth.
> > I didn't mark it simply because the patch hasn't been tested with the
> > actual hardware.
>
> So no-one's tried fuzz-testing? This is just based on code inspection
> or static analysis?
The latter case. For testing this, you'll need the modified USB
descriptor, thus some modified hardware, USB gadget or VM is
required.
Takashi
> > But the change itself is simple, and should be safe to apply.
>
> Right, I've queued these up for 3.2.
>
> Ben.
>
> --
> Ben Hutchings
> friends: People who know you well, but like you anyway.
More information about the Alsa-devel
mailing list