From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:60233 "EHLO
        shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S965344AbeBMS3S (ORCPT
        <rfc822;stable@vger.kernel.org>); Tue, 13 Feb 2018 13:29:18 -0500
Message-ID: <1518546535.2617.47.camel@decadent.org.uk>
Subject: Re: [PATCH 3.2 57/79] ALSA: usb-audio: Fix potential zero-division
 at parsing FU
From: Ben Hutchings <ben@decadent.org.uk>
To: Takashi Iwai <tiwai@suse.de>
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org,
        akpm@linux-foundation.org
Date: Tue, 13 Feb 2018 18:28:55 +0000
In-Reply-To: <s5hr2pqae1k.wl-tiwai@suse.de>
References: <lsq.1518322802.943358572@decadent.org.uk>
         <lsq.1518322806.943407157@decadent.org.uk> <s5hr2pqae1k.wl-tiwai@suse.de>
Content-Type: multipart/signed; micalg="pgp-sha512";
        protocol="application/pgp-signature"; boundary="=-ml8q+OIeh+zg/Un6wEjH"
Mime-Version: 1.0
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>


--=-ml8q+OIeh+zg/Un6wEjH
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Mon, 2018-02-12 at 07:59 +0100, Takashi Iwai wrote:
> On Sun, 11 Feb 2018 05:20:06 +0100,
> Ben Hutchings wrote:
> >=20
> > 3.2.99-rc1 review patch.  If anyone has any objections, please let me k=
now.
> >=20
> > ------------------
> >=20
> > From: Takashi Iwai <tiwai@suse.de>
> >=20
> > commit 8428a8ebde2db1e988e41a58497a28beb7ce1705 upstream.
>=20
> Please drop this.  This patch is broken, and was reverted in the later
> commit 3c02a6d94665.

Thanks, I've dropped this from 3.2 and 3.16 patch queues.

Ben.

> thanks,
>=20
> Takashi
>=20
>=20
> >=20
> > parse_audio_feature_unit() contains a code dividing potentially with
> > zero when a malformed FU descriptor is passed.  Although there is
> > already a sanity check, it checks only the value zero, hence it can
> > still lead to a zero-division when a value 1 is passed there.
> >=20
> > Fix it by correcting the sanity check (and the error message
> > thereof).
> >=20
> > Fixes: 23caaf19b11e ("ALSA: usb-mixer: Add support for Audio Class v2.0=
")
> > Signed-off-by: Takashi Iwai <tiwai@suse.de>
> > [bwh: Backported to 3.2: adjust context]
> > Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
> > ---
> >  sound/usb/mixer.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >=20
> > --- a/sound/usb/mixer.c
> > +++ b/sound/usb/mixer.c
> > @@ -1262,9 +1262,9 @@ static int parse_audio_feature_unit(stru
> >  			return -EINVAL;
> >  		}
> >  		csize =3D hdr->bControlSize;
> > -		if (!csize) {
> > +		if (csize <=3D 1) {
> >  			snd_printdd(KERN_ERR "usbaudio: unit %u: "
> > -				    "invalid bControlSize =3D=3D 0\n", unitid);
> > +				    "invalid bControlSize <=3D 1\n", unitid);
> >  			return -EINVAL;
> >  		}
> >  		channels =3D (hdr->bLength - 7) / csize - 1;
> >=20
--=20
Ben Hutchings
friends: People who know you well, but like you anyway.


--=-ml8q+OIeh+zg/Un6wEjH
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlqDLmcACgkQ57/I7JWG
EQn/vg/8Ddyk2bchhVumhEc0Qvqj7Q3K34FOnhKMmGUN7TTsoNUKk4exoZk5nZXi
d9Y70IuU3yVy43ibCtbBiNhUAvPaAb2OCjxPRsLZ7+rj8jHgGhEWUMtbjuNlCUdI
7a/KBd073IZjzarvhrNeKhazvBZA7JTAgD+YlvigXuqO103SduOYaGgEmo5Dc+L4
sqsKxXopFlwc7SJbdnvaZQt4ZQ2qNxLgOqtgmGzgTODn/Wcw6W8wOlUCv1bgVlQz
tISnAsZKZxCVYNAP0+AhlctDw7Lsq6eZboStPfGbdcGFpgw33KG9YrRS8OdsIdSx
i1ccAIN4w/4pGlOqI/Tka1pCaSlcNnxZo5EKsBC3Hnj/JWlPDycnCNhV5eRiPQ4R
Cct1m4C61siLqo22fSgDDpHjhIqfdhgktti+IN2gU8/p6+rng3GPn3zlMZ9ueOiz
klKRH7r2N/3mmxIGm1U3uCIhSZgwg1QN0p56eG0KZyCIu3JPsyxl7vMCnkVMxLx5
gylSF3U7A01XCEJGFM7SedOc6n3WuZ/JuWDXIpJ6MH+ZAxFoGRkbb1ZGIrxIPwu5
7O7UPPSNtzbjTuU5WPsdUY5y2zJKPsUpuHcVMBYhFVtVbjAT8R30cpfKEzz77y79
Zp3PtZMBl6zw4+MVHhWfSnHUv+sf2Z7AxaKw/hNNe9vnXZDVpXU=
=L0l0
-----END PGP SIGNATURE-----

--=-ml8q+OIeh+zg/Un6wEjH--