Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 8866f405efd4171f9d9c91901d2dd02f01bacb60
commit8866f405efd4171f9d9c91901d2dd02f01bacb60[log] [tgz]
authorXi Wang <xi.wang@gmail.com>Tue Feb 14 05:18:48 2012 -0500
committerTakashi Iwai <tiwai@suse.de>Wed Feb 15 14:58:15 2012 +0100
tree414b07ed6d979f9aad804dc16b4f280247741eaf
parent27c3afe6e1cf129faac90405121203962da08ff4 [diff]
ALSA: usb-audio: avoid integer overflow in create_fixed_stream_quirk()

A malicious USB device could feed in a large nr_rates value.  This would
cause the subsequent call to kmemdup() to allocate a smaller buffer than
expected, leading to out-of-bounds access.

This patch validates the nr_rates value and reuses the limit introduced
in commit 4fa0e81b ("ALSA: usb-audio: fix possible hang and overflow
in parse_uac2_sample_rate_range()").

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
3 files changed
tree: 414b07ed6d979f9aad804dc16b4f280247741eaf
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS