projects / linux-2.6-microblaze.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d01a3aa) | patch
ALSA: dice: fix buffer overflow in detect_stream_formats()
authorJunrui Luo <moonafterrain@outlook.com>
Fri, 28 Nov 2025 04:06:31 +0000 (12:06 +0800)
committerTakashi Iwai <tiwai@suse.de>
Sat, 29 Nov 2025 09:33:44 +0000 (10:33 +0100)
commit324f3e03e8a85931ce0880654e3c3eb38b0f0bba
tree11021dc042692151516f3f1f3a4454845967617btree
parentd01a3aad7f2c183152dec02202aa1d23ee02556ccommit | diff
ALSA: dice: fix buffer overflow in detect_stream_formats()

The function detect_stream_formats() reads the stream_count value directly
from a FireWire device without validating it. This can lead to
out-of-bounds writes when a malicious device provides a stream_count value
greater than MAX_STREAMS.

Fix by applying the same validation to both TX and RX stream counts in
detect_stream_formats().

Reported-by: Yuhao Jiang <danisjiang@gmail.com>
Reported-by: Junrui Luo <moonafterrain@outlook.com>
Fixes: 58579c056c1c ("ALSA: dice: use extended protocol to detect available stream formats")
Cc: stable@vger.kernel.org
Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Junrui Luo <moonafterrain@outlook.com>
Link: https://patch.msgid.link/SYBPR01MB7881B043FC68B4C0DA40B73DAFDCA@SYBPR01MB7881.ausprd01.prod.outlook.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
sound/firewire/dice/dice-extension.c diff | blob | history
MicroBlaze GIT Repository