Patch "ALSA: usb-audio: Fix potential zero-division at parsing FU" has been added to the 4.9-stable tree

All of lore.kernel.org
 help / color / mirror / Atom feed

* Patch "ALSA: usb-audio: Fix potential zero-division at parsing FU" has been added to the 4.9-stable tree
@ 2017-11-27 16:06 gregkh
  0 siblings, 0 replies; only message in thread
From: gregkh @ 2017-11-27 16:06 UTC (permalink / raw)
  To: tiwai, gregkh; +Cc: stable, stable-commits


This is a note to let you know that I've just added the patch titled

    ALSA: usb-audio: Fix potential zero-division at parsing FU

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     alsa-usb-audio-fix-potential-zero-division-at-parsing-fu.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From 8428a8ebde2db1e988e41a58497a28beb7ce1705 Mon Sep 17 00:00:00 2001
From: Takashi Iwai <tiwai@suse.de>
Date: Tue, 21 Nov 2017 17:07:43 +0100
Subject: ALSA: usb-audio: Fix potential zero-division at parsing FU

From: Takashi Iwai <tiwai@suse.de>

commit 8428a8ebde2db1e988e41a58497a28beb7ce1705 upstream.

parse_audio_feature_unit() contains a code dividing potentially with
zero when a malformed FU descriptor is passed.  Although there is
already a sanity check, it checks only the value zero, hence it can
still lead to a zero-division when a value 1 is passed there.

Fix it by correcting the sanity check (and the error message
thereof).

Fixes: 23caaf19b11e ("ALSA: usb-mixer: Add support for Audio Class v2.0")
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 sound/usb/mixer.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/sound/usb/mixer.c
+++ b/sound/usb/mixer.c
@@ -1470,9 +1470,9 @@ static int parse_audio_feature_unit(stru
 			return -EINVAL;
 		}
 		csize = hdr->bControlSize;
-		if (!csize) {
+		if (csize <= 1) {
 			usb_audio_dbg(state->chip,
-				      "unit %u: invalid bControlSize == 0\n",
+				      "unit %u: invalid bControlSize <= 1\n",
 				      unitid);
 			return -EINVAL;
 		}


Patches currently in stable-queue which might be from tiwai@suse.de are

queue-4.9/alsa-usb-audio-fix-potential-zero-division-at-parsing-fu.patch
queue-4.9/alsa-timer-remove-kernel-warning-at-compat-ioctl-error-paths.patch
queue-4.9/alsa-hda-add-raven-pci-id.patch
queue-4.9/alsa-usb-audio-add-sanity-checks-in-v2-clock-parsers.patch
queue-4.9/alsa-hda-fix-too-short-hdmi-dp-chmap-reporting.patch
queue-4.9/alsa-hda-realtek-fix-alc700-family-no-sound-issue.patch
queue-4.9/alsa-usb-audio-fix-potential-out-of-bound-access-at-parsing-su.patch
queue-4.9/alsa-pcm-update-tstamp-only-if-audio_tstamp-changed.patch
queue-4.9/alsa-usb-audio-add-sanity-checks-to-fe-parser.patch

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2017-11-27 16:09 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-11-27 16:06 Patch "ALSA: usb-audio: Fix potential zero-division at parsing FU" has been added to the 4.9-stable tree gregkh

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.